UAT-8099 Campaign Targets IIS Servers in Asia with Advanced Techniques

UAT-8099 Campaign Targets IIS Servers in Asia with Advanced Techniques

First seen 2 Feb 2026, 22:38 UTC Blog.TalosintelligenceCybersecuritynewsCyberpressSocprimeScworld+1 85% similarity 27.3

Article Content

Browse articles
ThreatCluster

Cisco Talos reports on the UAT-8099 campaign that has been targeting vulnerable IIS web servers across Asia since August 2025. Key affected regions include India, Pakistan, Thailand, Vietnam, and Japan, with a notable concentration in Thailand and Vietnam. The attackers utilize customized BadIIS variants, web shells, PowerShell, and the GotoHTTP tool for control, employing new persistence mechanisms such as hidden local accounts.

ThreatCluster AI

Community

Browse all →