India, Japan, South Korea, Thailand, Vietnam, Singapore, Taiwan, the Philippines, and Brazil are having their government, education, technology, and telecommunications sectors' Microsoft Internet Information Services servers compromised with the BadIIS malware as part of a search engine optimization manipulation attack campaign, The Hacker News reports.Attacks — which are believed to have been conducted by Group 9-linked Chinese hacking operation DragonRank — involved payloads with SEO fraud and malicious JavaScript code injections resembling those utilized by Group 11, according to an analysis from Trend Micro.Researchers noted that the BadIIS malware leveraged in the new campaign facilitated the monitoring of the 'User Agent' and 'Referer' fields in the HTTP response header received from the web server. "If these fields contain specific search portal sites or keywords, BadIIS redirects the user to a page associated with an online illegal gambling site instead of a legitimate web page," researchers added.These findings follow a Silent Push report detailing infrastructure laundering performed by the China-based Funnull content delivery network.
