Chinese hack group DragonRank has targeted over 35 Microsoft Internet Information Services servers in Asia, Europe and beyond, using BadIIS malware to commit SEO fraud and content injection. The malware redirects traffic from search engine crawlers to illicit sites, boosting rankings, and injects malicious JavaScript into servers. DragonRank exploits vulnerabilities in web applications like WordPress to deploy web shells and install BadIIS. Those targeted include government agencies, universities and private companies.
The NCSC wants developers to get serious on software security
The NCSC’s new Software Security Code of Practice has been praised by cyber professionals as a significant advancement in enhancing software supply chain security.
