UAT-8099 Campaign Targets IIS Servers in Asia with Advanced Techniques
First seen 2 Feb 2026, 22:38 UTC
•



+1
•85% similarity
•27.3
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
Cisco Talos reports on the UAT-8099 campaign that has been targeting vulnerable IIS web servers across Asia since August 2025. Key affected regions include India, Pakistan, Thailand, Vietnam, and Japan, with a notable concentration in Thailand and Vietnam. The attackers utilize customized BadIIS variants, web shells, PowerShell, and the GotoHTTP tool for control, employing new persistence mechanisms such as hidden local accounts.
ThreatCluster AI