Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

DragonRank Campaign Targets IIS Servers

September 12, 2024
Reading Time: 2 mins read
in Alerts
DragonRank Campaign Targets IIS Servers

The DragonRank Black Hat SEO campaign, uncovered by Cisco Talos, has been targeting IIS servers across multiple countries in Asia and Europe to perform SEO rank manipulation for illicit purposes. This cyber espionage operation, attributed to a Chinese-speaking actor, exploits vulnerabilities in popular web applications such as phpMyAdmin and WordPress to deploy the ASPXspy web shell. The primary goal is to compromise Internet Information Services (IIS) servers hosting corporate websites, allowing the attackers to implant the BadIIS malware and repurpose the servers as a platform for black hat SEO activities.

Once compromised, the IIS servers are used to manipulate search engine algorithms by altering the content served to search engines. This tactic helps artificially boost the rankings of certain websites, driving traffic to fraudulent sites and increasing the visibility of illicit content. BadIIS, first documented by ESET in August 2021, is specifically designed to facilitate proxy ware and SEO fraud by turning compromised servers into relay points for malicious communications between threat actors and their victims. The campaign has affected industries ranging from healthcare and manufacturing to media and religious organizations.

One of the key techniques employed by DragonRank involves using malware to impersonate legitimate web crawlers, such as Google’s search engine crawler, to bypass security measures. The attackers also use a variety of credential-harvesting tools, including Mimikatz and various Potato exploits, to breach further servers within the target’s network. PlugX, a widely shared backdoor among Chinese threat actors, is another tool used in the campaign. PlugX relies on DLL side-loading to execute its payload stealthily, ensuring the malware goes undetected by security software.

DragonRank’s operations extend beyond technical exploitation, offering illegal SEO services through platforms like Telegram and QQ. Under the handle “tttseo,” the group provides tailored SEO fraud solutions to clients who submit keywords and websites for promotion. DragonRank develops customized strategies, ensuring targeted promotions based on specific countries and languages, enhancing their reach. The campaign’s combination of sophisticated malware tactics and client-driven SEO manipulation highlights the growing nexus between cybercrime and digital marketing fraud.

Reference:

  • DragonRank Search Engine Optimization Campaign Targeting IIS Servers
Tags: AsiaASPXspyBlack HatCisco TalosCyber AlertsCyber Alerts 2024Cyber threatsDragonRankEuropephpMyAdminSEOSeptember 2024TelegramWordpress
ADVERTISEMENT

Related Posts

FreeDrain Phishing Steals Crypto Funds

FBI Warns Cybercriminals Exploit Routers

May 9, 2025
FreeDrain Phishing Steals Crypto Funds

X Scam Targets Crypto Users with Fake Ads

May 9, 2025
FreeDrain Phishing Steals Crypto Funds

FreeDrain Phishing Steals Crypto Funds

May 9, 2025
COLDRIVER Hackers Target Sensitive Data

COLDRIVER Hackers Target Sensitive Data

May 8, 2025
COLDRIVER Hackers Target Sensitive Data

Cisco Fixes Flaw in IOS Wireless Controller

May 8, 2025
COLDRIVER Hackers Target Sensitive Data

CoGUI Targets Consumer and Finance Brands

May 8, 2025

Latest Alerts

X Scam Targets Crypto Users with Fake Ads

FBI Warns Cybercriminals Exploit Routers

FreeDrain Phishing Steals Crypto Funds

CoGUI Targets Consumer and Finance Brands

COLDRIVER Hackers Target Sensitive Data

Cisco Fixes Flaw in IOS Wireless Controller

Subscribe to our newsletter

    Latest Incidents

    LockBit Ransomware Data Leaked After Hack

    Spanish Consumer Group Faces Cyberattack

    Education Giant Pearson Hit by Data Breach

    Masimo Cyberattack Disrupts Manufacturing

    Cyberattack Targets Tepotzotlán Facebook

    West Lothian Schools Hit by Ransomware

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial