Chinese Hackers Turn Reputable Websites Into SEO Spam Machines While Stealing Data

Chinese cybercrime group UAT-8099 exploits IIS servers at universities and tech firms, flooding search engines with spam and stealing data.

By Content Team

Oct 4, 2025

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

A Chinese cybercrime group called UAT-8099 is hijacking web servers at universities, tech companies, and telecom providers worldwide to run a sophisticated dual-purpose operation. The hackers exploit vulnerable Internet Information Services (IIS) servers, then install "BadIIS" malware that floods search engines with gambling-related spam terms while redirecting unsuspecting users to illegal gambling sites.

The attack is particularly clever because legitimate visitors see nothing unusual, making it nearly invisible to website owners. Meanwhile, the hackers steal sensitive data including credentials and certificates for future attacks or dark web sales.

Victims span multiple countries including Brazil, Canada, India, Thailand, and Vietnam. Security experts warn that the same vulnerabilities could be exploited for more damaging attacks like credential theft or website defacement.

Source: Dark Reading

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

AI-Powered Scams Set to Overtake Ransomware as Top Cyber Threat in 2026

Jan 23, 2026

FortiGate Firewalls Under Automated Attack Since January 15

Jan 26, 2026

Freedom Mobile Hit by Data Breach Affecting Customer Personal Information

Dec 27, 2025

Hackers Selling $220,000 Windows Zero-Day Exploit on Dark Web

Mar 9, 2026