New Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell Framework
Summary
Cybersecurity researchers have identified a new threat cluster, OP-512, which is targeting Microsoft IIS servers with a custom web shell framework. The observed activity is believed to be espionage-focused and has been linked to China with moderate to high confidence.
IFF Assessment
FOE
This discovery represents a new threat actor and their unique tooling, which poses a risk to organizations relying on Microsoft IIS servers.
Defender Context
Organizations running Microsoft IIS servers should be aware of this new threat cluster and the potential for custom web shell deployments. Defenders should focus on monitoring IIS logs for suspicious activity and ensure their systems are patched and secured against common web server attack vectors.
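As one way to act on the log-monitoring advice above, this added example (not from the original report, and not an OP-512 indicator) parses IIS W3C extended logs and flags script endpoints that only ever receive successful POSTs from very few clients, a generic web shell hunting heuristic. The sample log lines, paths, and thresholds are constructed assumptions.

```python
from collections import defaultdict

SCRIPT_EXT = (".aspx", ".ashx", ".asmx", ".asp")  # handlers IIS will execute

# Constructed sample in IIS W3C extended format (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem c-ip sc-status
2024-01-10 08:00:01 GET /default.aspx 198.51.100.10 200
2024-01-10 08:00:05 POST /login.aspx 198.51.100.10 200
2024-01-10 08:01:12 GET /login.aspx 198.51.100.22 200
2024-01-10 08:01:15 POST /login.aspx 198.51.100.22 200
2024-01-10 08:02:40 GET /login.aspx 198.51.100.37 200
2024-01-10 09:14:03 POST /uploads/img/thumb.aspx 203.0.113.7 200
2024-01-10 09:14:09 POST /uploads/img/thumb.aspx 203.0.113.7 200
2024-01-10 09:15:31 POST /uploads/img/thumb.aspx 203.0.113.7 200
2024-01-10 09:16:00 GET /images/logo.png 198.51.100.22 200
"""

def parse_w3c(text):
    """Yield one dict per request, taking column names from the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, parts))

def suspicious_scripts(text, min_posts=3, max_clients=1):
    """Return script URIs that only receive successful POSTs, from few client IPs."""
    stats = defaultdict(lambda: {"post": 0, "other": 0, "ips": set()})
    for r in parse_w3c(text):
        uri = r["cs-uri-stem"].lower()
        if not uri.endswith(SCRIPT_EXT):
            continue
        s = stats[uri]
        s["ips"].add(r["c-ip"])
        if r["cs-method"] == "POST" and r["sc-status"] == "200":
            s["post"] += 1
        else:
            s["other"] += 1  # GETs, errors, etc. suggest ordinary page usage
    return sorted(u for u, s in stats.items()
                  if s["post"] >= min_posts and s["other"] == 0
                  and len(s["ips"]) <= max_clients)

if __name__ == "__main__":
    print(suspicious_scripts(SAMPLE_LOG))
```

Hits are leads for review, not verdicts: compare each flagged path against the deployed application's known file list and the file's creation time on disk.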