Threat Intelligence Report

Operation Rewrite: Chinese-Speaking Threat Actors Deploy BadIIS in a Wide Scale SEO Poisoning Campaign

📅 September 23, 2025 📰 unit42.paloaltonetworks.com 🔍 1 CVE(s) referenced

Chinese-speaking threat actors have launched a large-scale SEO poisoning campaign, using advanced BadIIS malware implants on compromised web servers to manipulate search results and redirect unsuspecting users to scam and illicit sites, with a strategic focus on East and Southeast Asia.

vendor

CVE-2025-31324

🔐 Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

📊 Visual Mindmap

🎯 IOC Extraction

⚔️ MITRE ATT&CK TTPs

📦 STIX 2.1 Bundle