Intel Name: UAT-8099: Chinese-speaking cybercrime group targets high-value IIS for SEO fraud
Date of Scan: October 3, 2025
Impact: High
Summary: UAT-8099 is a Chinese-speaking cybercrime group targeting high-value IIS servers in countries like India, Thailand, Vietnam, Canada, and Brazil to conduct SEO fraud and steal credentials, config files, and certificates. They use web shells, Cobalt Strike, and BadIIS malware to manipulate search rankings and maintain persistence. Their tools are highly evasive, with some samples containing Chinese debug strings, indicating sophisticated and stealthy operations.