VMTech
VMTECH · INSTAGRAM

OP-512: New Campaign Targeting IIS with Custom Web Shell

TA416 attacks European governments via OAuth phishing and PlugX

Colleagues, please note: researchers have identified a cluster named OP-512 targeting Microsoft IIS.

ReliaQuest attributes the activity to China. The operators deployed a framework comprising three custom web shells to maintain access and provide automated reporting.
Evasion techniques include timestomping, cryptographic access controls, and per‑install unique generation.
Primary targets are outdated, internet‑facing IIS instances (e.g., Windows Server 2016, .NET 4.0). Attempts at privilege escalation (Potato Suite) and DNS/HTTP-based command-and-control were observed.
Why this matters: the framework is explicitly designed to bypass detections tuned to known clusters — IIS environments should be audited and patched.
What measures will you take to protect IIS?
#cybersecurity #IIS #webshells #threatintelligence
