China-Linked UAT-8099 Targets IIS Servers in Asia with BadIIS SEO Malware

Security Aid January 30, 2026 1 minute read

Cybersecurity researchers have discovered a new campaign attributed to a China-linked threat actor known as UAT-8099 that took place between late 2025 and early 2026.
The activity, discovered by Cisco Talos, has targeted vulnerable Internet Information Services (IIS) servers located across Asia, but with a specific focus on targets in Thailand and Vietnam. The scale of the campaign is currentlyCybersecurity researchers have discovered a new campaign attributed to a China-linked threat actor known as UAT-8099 that took place between late 2025 and early 2026.
The activity, discovered by Cisco Talos, has targeted vulnerable Internet Information Services (IIS) servers located across Asia, but with a specific focus on targets in Thailand and Vietnam. The scale of the campaign is currently The Hacker NewsRead More

About The Author

Security Aid

See author's posts

Security Aid

Related Stories

Aisy Launches Out of Stealth to Transform Vulnerability Management

Microsoft fixes Outlook bug blocking access to encrypted emails

Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access