New Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell Framework

Cybersecurity researchers identified a new threat cluster named OP-512, targeting Microsoft Internet Information Services (IIS) servers to deploy a custom web shell framework. The activity, attributed with moderate to high confidence to a China-linked espionage group by ReliaQuest, represents a previously unreported campaign. The attack focuses on compromising IIS servers, though no specific CVEs, dates, or victim details were disclosed. The bespoke web shell framework suggests advanced capabilities for persistence and remote access. No additional technical indicators or impact assessments were provided in the available content.