Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

DragonRank Campaign Targets IIS Servers

September 12, 2024
Reading Time: 2 mins read
in Alerts
DragonRank Campaign Targets IIS Servers

The DragonRank Black Hat SEO campaign, uncovered by Cisco Talos, has been targeting IIS servers across multiple countries in Asia and Europe to perform SEO rank manipulation for illicit purposes. This cyber espionage operation, attributed to a Chinese-speaking actor, exploits vulnerabilities in popular web applications such as phpMyAdmin and WordPress to deploy the ASPXspy web shell. The primary goal is to compromise Internet Information Services (IIS) servers hosting corporate websites, allowing the attackers to implant the BadIIS malware and repurpose the servers as a platform for black hat SEO activities.

Once compromised, the IIS servers are used to manipulate search engine algorithms by altering the content served to search engines. This tactic helps artificially boost the rankings of certain websites, driving traffic to fraudulent sites and increasing the visibility of illicit content. BadIIS, first documented by ESET in August 2021, is specifically designed to facilitate proxy ware and SEO fraud by turning compromised servers into relay points for malicious communications between threat actors and their victims. The campaign has affected industries ranging from healthcare and manufacturing to media and religious organizations.

One of the key techniques employed by DragonRank involves using malware to impersonate legitimate web crawlers, such as Google’s search engine crawler, to bypass security measures. The attackers also use a variety of credential-harvesting tools, including Mimikatz and various Potato exploits, to breach further servers within the target’s network. PlugX, a widely shared backdoor among Chinese threat actors, is another tool used in the campaign. PlugX relies on DLL side-loading to execute its payload stealthily, ensuring the malware goes undetected by security software.

DragonRank’s operations extend beyond technical exploitation, offering illegal SEO services through platforms like Telegram and QQ. Under the handle “tttseo,” the group provides tailored SEO fraud solutions to clients who submit keywords and websites for promotion. DragonRank develops customized strategies, ensuring targeted promotions based on specific countries and languages, enhancing their reach. The campaign’s combination of sophisticated malware tactics and client-driven SEO manipulation highlights the growing nexus between cybercrime and digital marketing fraud.

Reference:

  • DragonRank Search Engine Optimization Campaign Targeting IIS Servers
Tags: AsiaASPXspyBlack HatCisco TalosCyber AlertsCyber Alerts 2024Cyber threatsDragonRankEuropephpMyAdminSEOSeptember 2024TelegramWordpress
ADVERTISEMENT

Related Posts

Fake DocuSign Alerts Target Corporate Logins

Fake DocuSign Alerts Target Corporate Logins

May 28, 2025
Fake DocuSign Alerts Target Corporate Logins

Fake Bitdefender Site Spreads Venom Malware

May 28, 2025
Fake DocuSign Alerts Target Corporate Logins

Microsoft Void Blizzard Cyber Threat Alert

May 28, 2025
GhostSpy Android Malware Full Device Control

FBI Warns Luna Moth Targets US Law Firms

May 27, 2025
GhostSpy Android Malware Full Device Control

Winos 4.0 Malware Spread Via Fake Installers

May 27, 2025
GhostSpy Android Malware Full Device Control

GhostSpy Android Malware Full Device Control

May 27, 2025

Latest Alerts

Microsoft Void Blizzard Cyber Threat Alert

Fake DocuSign Alerts Target Corporate Logins

Fake Bitdefender Site Spreads Venom Malware

FBI Warns Luna Moth Targets US Law Firms

Winos 4.0 Malware Spread Via Fake Installers

GhostSpy Android Malware Full Device Control

Subscribe to our newsletter

    Latest Incidents

    Migos IG Hack Blackmails Solana Cofounder

    Tiffany & Co. Faces Data Breach Incident

    MathWorks Crippled by Ransomware Attack

    Everest Ransomware Leaks Coke Staff Data

    Adidas Data Breach Exposes Customer Contacts

    Semiconductor Firm AXT Hit by Data Breach

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial