DragonRank: How Hackers Take Control of Search Algorithms

The scale of the attacks has already covered several countries and many areas of business.

Security researchers have uncovered a new cyberattack aimed at manipulating search engine results (SEO). The campaign, dubbed DragonRank, has affected several countries in Asia and Europe, including Thailand, India, Korea, Belgium, the Netherlands and China. Cybercriminals exploit web application vulnerabilities to compromise servers and run malware.

Cisco Talos specialists reported that the attacks begin with the compromise of web applications such as phpMyAdmin and WordPress. Attackers inject malware such as BadIIS by exploiting system vulnerabilities. As a result, the attacked servers turn into platforms for fraudulent operations related to SEO manipulation.

BadIIS allows attackers to modify the content of websites to influence search engine algorithms. This helps to promote third-party websites, increase traffic to fraudulent resources, and improve their position in search results. The main goal is to create a fake ranking to promote certain sites, including those with adult content.

Experts note that one of the key features of this campaign is the use of malware to bypass security mechanisms. For example, BadIIS can masquerade as Googlebot, allowing it to silently interact with control commands (C2) while avoiding detection.

DragonRank attacks span a wide range of industries, including jewelry, media, healthcare, transportation, and even feng shui organizations. Attackers actively use credential theft utilities and software tools such as Mimikatz and PlugX to maintain control over compromised systems.

Analysts also drew attention to the fact that attackers provide customers with detailed promotion plans, allowing them to choose keywords and target markets to optimize their fraudulent sites. DragonRank actively interacts with customers through Telegram and QQ messengers, offering services to promote sites in specific languages and in certain countries.

Experts urge companies to be vigilant and monitor the security of their web applications, as such campaigns are becoming more sophisticated and target vulnerable services.
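One way a defender could look for the Googlebot masquerade mentioned above, as an added example that is not part of the original post or of the Cisco Talos report: genuine Googlebot traffic arrives from Google, so a request carrying a Googlebot User-Agent that leaves one of your own web servers is worth investigating. The log layout, the server address range and every host name below are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumed egress-proxy log layout (constructed for this example):
#   <timestamp> <client_ip> <method> <url> <status> "<user-agent>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) '
    r'(?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)

# Assumption: the address range that holds our own web servers.
SERVER_NETS = [ipaddress.ip_network("10.20.0.0/16")]

# Constructed sample lines; hosts and addresses are placeholders.
SAMPLE_LOG = """\
2024-09-12T03:14:07Z 10.20.4.17 GET http://c2.example.invalid/cfg 200 "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
2024-09-12T03:14:09Z 10.20.4.17 GET http://c2.example.invalid/links 200 "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
2024-09-12T03:15:30Z 10.20.9.2 GET http://updates.example.invalid/pkg 200 "curl/8.5.0"
2024-09-12T03:16:02Z 192.0.2.44 GET http://site.example.invalid/ 200 "Googlebot/2.1 (+http://www.google.com/bot.html)"
not a log line
"""

def is_own_server(addr, nets=SERVER_NETS):
    """True if addr parses as an IP inside one of our server ranges."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in nets)

def googlebot_egress(log_text, nets=SERVER_NETS):
    """Count outbound requests per (server, destination host) that
    claim to be Googlebot but originate from our own servers."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of failing
        if "googlebot" in m["ua"].lower() and is_own_server(m["src"], nets):
            host = urlsplit(m["url"]).hostname or m["url"]
            hits[(m["src"], host)] += 1
    return hits

if __name__ == "__main__":
    for (src, host), n in googlebot_egress(SAMPLE_LOG).items():
        print(f"{src} sent {n} Googlebot-labelled request(s) to {host}")
```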
