
China-Linked UAT-8099 Group Targets Vulnerable IIS Servers in Asia with BadIIS Malware
A campaign attributed to the Chinese group UAT-8099 targeted vulnerable Internet Information Services (IIS) servers in Asia between late 2025 and early 2026. Identified by Cisco Talos, the operation primarily focused on Thailand and Vietnam. The attackers deployed the BadIIS malware, designed to manipulate search engine optimization (SEO) through compromised servers. No details on the exact impact or number of victims were provided. The article does not mention any specific exploited vulnerabilities (CVEs).