CyberSum logo
Back

Cybercrime Group UAT-8099 Targets IIS Servers

Cyber Security News by CyberSum.net
2 sources
A cybercrime group identified as UAT-8099 is compromising Internet Information Services (IIS) servers in several regions to manipulate search results and steal sensitive data. The attackers use custom malware like BadIIS to gain and maintain persistent access, often going undetected for long periods. Their objectives include both financial gain from search engine optimization manipulation and espionage through the theft of credentials and certificates. The group also takes steps to secure its access, preventing other threat actors from taking over the compromised servers. Security teams should audit IIS environments for unauthorized web shells, suspicious remote access, and other indicators of compromise.

Also Read

Medical Center Hit by Ransomware; Patient Data at Risk

A major medical center was targeted in a cyberattack, resulting in the exposure of sensitive patient information from email communications. While the hospital's core medical record system remained secure, the attackers managed to access and leak some confidential data. A cybercrime organization has claimed responsibility, alleging the theft of terabytes of data and demanding a substantial ransom to prevent its public release. Hospital officials have assured the public that clinical operations were not affected and patient care continued without interruption. This incident highlights a concerning trend of cyberattacks targeting vulnerable healthcare infrastructure.

By Cyber Security News by CyberSum.net