February 10, 2025 By Alessandro Mascellino
A newly uncovered cyber campaign has been observed exploiting Internet Information Services (IIS) vulnerabilities to distribute malware known as BadIIS.
The attack, affecting several Asian countries, manipulates search engine optimization (SEO) results to redirect users to illegal gambling sites or malicious servers.
Widespread Impact and Financial Motivation
According to Trend Micro’s findings, the attack is financially driven, as many victims are redirected to illicit gambling websites. The campaign has already impacted India, Thailand and Vietnam, with potential threats extending to the Philippines, Singapore, Taiwan, South Korea, Japan, Brazil and Bangladesh.
Compromised IIS servers belong to organizations in various sectors, including government agencies, universities, technology firms and telecommunications companies. Researchers suspect the malware is linked to Chinese-speaking threat actors, based on extracted domain data and Chinese-language code strings found in the samples.