Signal

China-linked cyber activity reported across Asia, including IIS-focused BadIIS campaign

Published 2026-01-30 02:00 UTC
Updated 2026-01-30 12:08 UTC
rss
threat_actor_activity, intrusion_campaign, malware, web_server_security, asia
Evidence trail (top sources)
Top sources (2 domains). Domains are deduped. Counts indicate coverage, not truth.
2 top sources shown
Chinese APTs Hacking Asian Orgs With High-End Malware
Dark Reading · News · darkreading.com · 2026-01-30 02:00 UTC
limited source diversity in top sources
Overview

Two contemporaneous reports point to China-linked threat activity affecting Asian organizations, pairing a broad warning about “high-end malware” used by Chinese APTs with a more specific campaign description targeting vulnerable IIS servers in Asia (notably Thailand and Vietnam) using BadIIS SEO malware.

Entities
Cisco Talos, Internet Information Services (IIS), BadIIS, UAT-8099
Score total: 0.96
Momentum 24h: 2
Posts: 2
Origins: 2
Source types: 1
Duplicate ratio: 0%
Why now
  • Two separate reports surfaced the same day on related regional targeting
  • Talos-attributed activity is described as spanning late 2025 to early 2026
Why it matters
  • Signals continued China-linked operations affecting multiple Asian targets
  • Highlights risk from vulnerable, internet-facing IIS servers
  • SEO malware can extend impact beyond the initially compromised server
LLM analysis
Topic mix: low
Promo risk: low
Source quality: medium
Recurring claims
  • Chinese APT groups are reported deploying new, high-end malware against a variety of Asian targets.
  • Cisco Talos-linked reporting describes a China-linked UAT-8099 campaign targeting vulnerable IIS servers across Asia, with a focus on Thailand and Vietnam, using BadIIS SEO malware.
How sources frame it
  • Dark Reading: neutral
  • The Hacker News: neutral
Cluster combines a broad regional APT trend piece with a specific IIS-focused campaign report; keep claims tightly sourced.
All evidence
China-Linked UAT-8099 Targets IIS Servers in Asia with BadIIS SEO Malware
The Hacker News · thehackernews.com · 2026-01-30 12:08 UTC
Chinese APTs Hacking Asian Orgs With High-End Malware
Dark Reading · darkreading.com · 2026-01-30 02:00 UTC
Posts loaded: 0
Publishers: 2
Origin domains: 2
Duplicates: -
Top publishers (this list)
  • The Hacker News (1)
  • Dark Reading (1)
Top origin domains (this list)
  • thehackernews.com (1)
  • darkreading.com (1)