Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

DragonRank Campaign Targets IIS Servers

September 12, 2024
Reading Time: 2 mins read
in Alerts
DragonRank Campaign Targets IIS Servers

The DragonRank Black Hat SEO campaign, uncovered by Cisco Talos, has been targeting IIS servers across multiple countries in Asia and Europe to perform SEO rank manipulation for illicit purposes. This cyber espionage operation, attributed to a Chinese-speaking actor, exploits vulnerabilities in popular web applications such as phpMyAdmin and WordPress to deploy the ASPXspy web shell. The primary goal is to compromise Internet Information Services (IIS) servers hosting corporate websites, allowing the attackers to implant the BadIIS malware and repurpose the servers as a platform for black hat SEO activities.

Once compromised, the IIS servers are used to manipulate search engine algorithms by altering the content served to search engines. This tactic helps artificially boost the rankings of certain websites, driving traffic to fraudulent sites and increasing the visibility of illicit content. BadIIS, first documented by ESET in August 2021, is specifically designed to facilitate proxy ware and SEO fraud by turning compromised servers into relay points for malicious communications between threat actors and their victims. The campaign has affected industries ranging from healthcare and manufacturing to media and religious organizations.

One of the key techniques employed by DragonRank involves using malware to impersonate legitimate web crawlers, such as Google’s search engine crawler, to bypass security measures. The attackers also use a variety of credential-harvesting tools, including Mimikatz and various Potato exploits, to breach further servers within the target’s network. PlugX, a widely shared backdoor among Chinese threat actors, is another tool used in the campaign. PlugX relies on DLL side-loading to execute its payload stealthily, ensuring the malware goes undetected by security software.

DragonRank’s operations extend beyond technical exploitation, offering illegal SEO services through platforms like Telegram and QQ. Under the handle “tttseo,” the group provides tailored SEO fraud solutions to clients who submit keywords and websites for promotion. DragonRank develops customized strategies, ensuring targeted promotions based on specific countries and languages, enhancing their reach. The campaign’s combination of sophisticated malware tactics and client-driven SEO manipulation highlights the growing nexus between cybercrime and digital marketing fraud.

Reference:

  • DragonRank Search Engine Optimization Campaign Targeting IIS Servers
Tags: AsiaASPXspyBlack HatCisco TalosCyber AlertsCyber Alerts 2024Cyber threatsDragonRankEuropephpMyAdminSEOSeptember 2024TelegramWordpress
ADVERTISEMENT

Related Posts

Russian APT28 Deploys Outlook Backdoor

SAP S4hana Exploited Vulnerability

September 5, 2025
Russian APT28 Deploys Outlook Backdoor

Virustotal Finds Undetected SVG Files

September 5, 2025
Russian APT28 Deploys Outlook Backdoor

Russian APT28 Deploys Outlook Backdoor

September 5, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

Lazarus Hackers Exploit ZeroDay, Deploy Rats

September 4, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

CISA Flags TP Link Router Flaws

September 4, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

Google Patches 120 Flaws In Android

September 4, 2025

Latest Alerts

SAP S4hana Exploited Vulnerability

Virustotal Finds Undetected SVG Files

Russian APT28 Deploys Outlook Backdoor

CISA Flags TP Link Router Flaws

Lazarus Hackers Exploit ZeroDay, Deploy Rats

Google Patches 120 Flaws In Android

Subscribe to our newsletter

    Latest Incidents

    North Korean Hackers Fake Interviews

    Bridgestone Confirms Cyberattack

    Cybersecurity Firms Hit By Breach

    Salesloft Drift Attacks Hits Vendors

    Jaguar Land Rover Hit By Cyber Incident

    Hackers Use Grok Ai To Spread Malware

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial