Hackers Hijacking IIS Servers in the Wild

Recent cybersecurity investigations reveal a surge in attacks targeting Internet Information Services (IIS) servers. Hackers are exploiting vulnerabilities to hijack these servers, leveraging them for malicious activities such as cryptojacking, data theft, and launching further attacks. This trend underscores the critical need for organizations to secure their IIS infrastructure by applying timely patches, monitoring unusual server behavior, and implementing robust security protocols. The article delves into specific attack vectors, the types of malware involved, and the threat actors behind these campaigns. It also provides actionable recommendations for IT security teams to mitigate risks and protect their digital assets effectively. With IIS servers being a backbone for many enterprise web applications, their compromise can lead to significant operational and reputational damage. Staying informed about these evolving threats is essential for maintaining a strong cybersecurity posture.

This Cyber News was published on cybersecuritynews.com. Publication date: Sat, 25 Oct 2025 19:45:33 +0000


Cyber News related to Hackers Hijacking IIS Servers in the Wild

New C++ Based IIS Malware With Numerous Functionalities Mimics cmd.exe To Stay Undetected - Unit 42’s analysis revealed that this new C++ based IIS malware command execution framework leverages Windows’ user-mode asynchronous procedure calls (APCs) to queue malicious tasks while maintaining the facade of legitimate cmd.exe activity. ...
11 months ago Cybersecuritynews.com
Hackers Attacking IIS Servers With New Web Shell Script to Gain Complete Remotely Control - The attack emerged from a broader investigation into cyber intrusions targeting critical national infrastructure in the Middle East, where threat actors successfully deployed multiple web shell servers across compromised systems. Cybersecurity ...
7 months ago Cybersecuritynews.com
Hackers Hijacking IIS Servers in the Wild - Recent cybersecurity investigations reveal a surge in attacks targeting Internet Information Services (IIS) servers. Hackers are exploiting vulnerabilities to hijack these servers, leveraging them for malicious activities such as cryptojacking, data ...
4 months ago Cybersecuritynews.com CVE-2023-23397 CVE-2023-28252 UNC2447
Attackers Can Bypass Windows Security Using New DLL Hijacking - Threat actors using the DLL Hijacking technique for persistence have been the order of the day and have been utilized in several attacks. This attack method allows bypassing the privilege requirement for executing certain malicious codes on the ...
2 years ago Cybersecuritynews.com
How Hackers Interrupted GTA 5 Online Gameplay on PC - Recently, a cyber-attack on Grand Theft Auto 5 Online on PC caused an interruption to thousands of players’ gameplays. The game was completely taken offline and players couldn’t even access the main gameplay menu. The attack caused an uproar ...
3 years ago Hackread.com
PoC Exploit for Critical IIS Vulnerability Released - Cybersecurity News - A recent proof-of-concept (PoC) exploit has been released for a critical vulnerability affecting Microsoft Internet Information Services (IIS). This vulnerability allows attackers to execute arbitrary code remotely, posing a significant risk to ...
6 months ago Cybersecuritynews.com CVE-2024-12345
New HeadCrab Malware Hijacks 1,200 Redis Servers - Since September 2021, over a thousand vulnerable Redis servers online have been infected by a stealthy malware dubbed "HeadCrab", designed to build a botnet that mines Monero cryptocurrency. At least 1,200 servers have been infected by the HeadCrab ...
3 years ago Heimdalsecurity.com
Hackers Abuse ASP Machine Keys in IIS to Bypass Security Controls - Recent cybersecurity investigations have uncovered a novel attack vector where hackers exploit ASP machine keys in Microsoft's Internet Information Services (IIS) to bypass security controls. This technique allows attackers to manipulate encrypted ...
4 months ago Cybersecuritynews.com CVE-2023-34527 Unknown
Hackers Compromised Over 1,200 Redis Database Servers - A new type of malware, designed to target vulnerable Redis servers on the internet, has been spreading rapidly since September 2021. This is a quick-spreading malware, designed to operate stealthily, that has already infiltrated over a thousand ...
3 years ago Cybersecuritynews.com
Side-by-Side with HelloJackHunter: Unveiling the Mysteries of WinSxS - As we know, Dynamic-link library (DLL) Side loading / DLL Hijacking is nothing new, nor is Windows Side-by-Side; however, side loading is handy from an adversarial tradecraft perspective, be it for establishing initial access, persistence, privilege ...
1 year ago Blog.zsec.uk Equation
Microsoft Issues Critical Patch for IIS Vulnerability Exploited in the Wild - Microsoft has released a critical security update addressing a severe vulnerability in Internet Information Services (IIS) that has been actively exploited by threat actors. This vulnerability allows attackers to execute arbitrary code remotely, ...
4 months ago Cybersecuritynews.com CVE-2024-1234 Unknown
Echoes of SolarWinds: JetBrains TeamCity servers under attack by Russia-backed hackers - The SolarWinds hackers are infiltrating JetBrains TeamCity servers via a critical vulnerability enabling authorization bypass and arbitrary code execution, government officials warn. Russian Foreign Intelligence Service-backed threat actor CozyBear ...
2 years ago Packetstormsecurity.com CVE-2023-42793
Windows 11 April update unexpectedly creates new 'inetpub' folder - Microsoft's April 2025 Patch Tuesday updates are strangely creating an empty "inetpub" folder in the root of the C:\ drive, even on systems that do not have Internet Information Services (IIS) installed. However, this folder is now ...
10 months ago Bleepingcomputer.com
Critical Zimbra Postjournal flaw CVE-2024-45519 actively exploited in the wild. Patch it now! - “Beginning on September 28, @Proofpoint began observing attempts to exploit CVE-2024-45519, a remote code execution vulnerability in Zimbra mail servers. ...
1 year ago Securityaffairs.com CVE-2024-45519
HeadCrab Malware Infects 1,200 Redis Servers to Mine Monero Cryptocurrency - A new stealthy malware, HeadCrab, designed to hunt down vulnerable Redis servers online has infected over a thousand of them since September 2021. Discovered by Aqua Security researchers Nitzan Yaakov and Asaf Eitani, the malware has so far ensnared ...
3 years ago Bleepingcomputer.com
Over 11M SSH Servers are Vulnerable to new Terrapin Attack - Previously, in December 2023, it was reported that SSH servers were vulnerable to the new Terrapin Attack in which threat actors can downgrade an SSH protocol version, making it vulnerable to exploitation. This attack can also be used to redirect ...
2 years ago Cybersecuritynews.com
Booking.com hackers increase attacks on customers - Hackers are increasing their attacks on Booking.com customers by posting adverts on dark web forums asking for help finding victims. Cyber-criminals are offering up to $2,000 for login details of hotels as they continue to target the people who are ...
2 years ago Bbc.com
Holiday Hackers: How to Safeguard Your Service Desk - Hackers really don't take holidays, but they will take advantage of them. Many of these cyberattacks will zero in on the service or help desk to gain entry into network systems. Recovering accounts because of forgotten passwords is one of the ...
2 years ago Bleepingcomputer.com
Hacker Conversations: Chris Evans, Hacker and CISO - Chris Evans is CISO and chief hacking officer at HackerOne. SecurityWeek's Hacker Conversations series seeks to understand the mind and motivations of hackers by talking to hackers. Evans challenges the common perception of both hackers and their ...
1 year ago Securityweek.com Silence
HellCat hackers go on a worldwide Jira hacking spree - The Swiss company did not provide technical details about the breach but targeting the Jira ticketing system has become a common attack method for the HellCat hackers. Rey, a member of the HellCat hacking group, told BleepingComputer that they stole ...
11 months ago Bleepingcomputer.com
Chinese Earth Krahang hackers breach 70 orgs in 23 countries - A sophisticated hacking campaign attributed to a Chinese Advanced Persistent Threat group known as 'Earth Krahang' has breached 70 organizations and targeted at least 116 across 45 countries. According to Trend Micro researchers monitoring the ...
1 year ago Bleepingcomputer.com CVE-2023-32315 CVE-2022-21587 Earth Lusca GALLIUM
Microsoft: Hackers target defense firms with new FalseFont malware - Microsoft says the APT33 Iranian cyber-espionage group is using recently discovered FalseFont backdoor malware to attack defense contractors worldwide. The DIB sector targeted in these attacks comprises over 100,000 defense companies and ...
2 years ago Bleepingcomputer.com APT3 APT33
Hackers are targeting exposed MS SQL servers with Mimic ransomware - Hackers are brute-forcing exposed MS SQL database servers to deliver Mimic ransomware, Securonix researchers are warning. Mimic ransomware was first spotted in the wild in June 2022 and analyzed by Trend Micro researchers in January 2023. It abuses ...
2 years ago Helpnetsecurity.com