DragonRank Launches Black Hat SEO Campaign Targeting IIS Servers in Asia and Europe
A Chinese-speaking threat actor, codenamed DragonRank, has been linked to a new black hat SEO campaign targeting Internet Information Services (IIS) servers across Asia and Europe, aiming to manipulate search engine rankings for malicious purposes. Cisco Talos uncovered this campaign, which affects sectors including media, healthcare, manufacturing, IT services, and more, in countries like Thailand, India, Korea, Belgium, and China.
- Exploitation of IIS Servers: DragonRank exploits security vulnerabilities in web applications such as phpMyAdmin and WordPress, deploying the ASPXspy web shell to compromise IIS servers hosting corporate websites. The malware enables the attackers to launch further malicious tools like PlugX and BadIIS.
- BadIIS Malware Deployment: The BadIIS malware repurposes compromised servers as proxies for black hat SEO activities, manipulating search engine algorithms to artificially boost the ranking of fraudulent or malicious websites.
- SEO Fraud Scheme: DragonRank alters search engine algorithms to drive traffic to malicious sites, inflate or deflate competitor rankings, and enhance the visibility of scam content, such as websites promoting pornographic material.
- PlugX Backdoor and Credential Harvesting: To maintain control, DragonRank uses PlugX malware, a tool popular among Chinese threat actors, alongside credential-harvesting utilities like Mimikatz, PrintNotifyPotato, and BadPotato. This allows them to breach additional servers within the target’s network.
- Masquerading as Google Search Engine Crawler: The malware mimics the Google search engine crawler using a falsified User-Agent string, allowing it to bypass certain security measures on websites, facilitating deeper infiltration.
- Illegal Business Operations via Telegram and QQ: DragonRank offers its illicit SEO services via platforms like Telegram and QQ, providing custom promotional strategies for paying clients, who can submit keywords and websites they want to promote.
Net Protector Cyber Security continues to monitor such evolving threats and recommends businesses adopt NPAV Endpoint Security to safeguard against advanced malware like BadIIS and PlugX.
Comment(s)
Categories
- Other (42)
- Ransomware (115)
- Events and News (25)
- Features (44)
- Security (412)
- Tips (79)
- Google (22)
- Achievements (6)
- Products (30)
- Activation (7)
- Dealers (1)
- Bank Phishing (42)
- Malware Alerts (171)
- Cyber Attack (208)
- Data Backup (11)
- Data Breach (67)
- Phishing (129)
- Securty Tips (1)
- Browser Hijack (16)
- Adware (15)
- Email And Password (67)
- Android Security (52)
- Knoweldgebase (37)
- Botnet (15)
- Updates (3)
- Alert (68)
- Hacking (54)
- Social Media (7)
- vulnerability (48)
- Hacker (30)
- Spyware (8)
- Windows (5)
- Microsoft (20)
- Uber (1)
- YouTube (1)
- Trojan (2)
- Website hacks (2)
- Paytm (1)
- Credit card scam (1)
- Telegram (3)
- RAT (4)
- Bug (3)
- Twitter (2)
- Facebook (7)
- Banking Trojan (4)
- Mozilla (2)
- COVID-19 (5)
- Instagram (2)
- NPAV Announcement (5)
- IoT Security (1)
- Deals and Offers (1)
- Cloud Security (6)
- Offers (5)
- Gaming (1)
- FireFox (1)
- LinkedIn (2)
- WhatsApp (4)
- Amazon (1)
- DMart (1)
- Payment Risk (4)
- Occasion (2)
- firewall (1)
- Cloud malware (2)
- Cloud storage (2)
- Financial fraud (2)
- Impersonation phishing (1)
- DDoS (4)
- Smishing (2)
- Whale (0)
- Whale phishing (3)
- WINRAR (2)
- ZIP (1)
Recent Posts
Archive
Tags
phishing
cyber attack
ransomeware
ransomware
data breach
android malware
data stealing
ddos
phishing email
twitter
india
microsoft
cert-in
malware
whatsapp
clop
email phishing
pakistani hackers
critical vulnerability
december cyber attacks
independence day
occasion
telegram
trojan
ddos attack
fedex
scam
cybercrime
winrar
cyber security
lockbit
play store
organisation
clop gang
microsoft team
clop gang extorting
user data leak
pakistan-backed hacker
hacking
malicious apps
android apps
cyber attack in india
android
cert
pune
cryptojacking
google play store
data backup
canon
facebook