- What: New China-linked threat group targets Microsoft IIS servers
- Impact: Organizations using IIS may be at risk of espionage
New China-linked threat cluster OP-512 targets Microsoft IIS servers

June 5, 2026, by SC Staff

As detailed in The Hacker News, a newly identified threat cluster named OP-512 has been observed actively targeting Microsoft Internet Information Services (IIS) servers. ReliaQuest researchers assess with moderate to high confidence that this espionage-focused activity is linked to China, marking it as the fourth such group to focus on IIS servers in the past year.

OP-512 deploys a custom web shell framework consisting of three distinct web shells, designed to provide attackers with remote access while evading detection. The group employs techniques like timestomping, manipulating file timestamps to blend in with legitimate system files. This framework is unique, featuring individually generated deployments, cryptographic access controls, and automated reporting for centralized management.

The attackers target legacy IIS servers, such as one running Windows Server 2016 with an outdated .NET Framework. The attack sequence involves dropping a web shell via the server's worker process, which then self-reports its location to an attacker-controlled domain. OP-512 also attempts privilege escalation to the SYSTEM level using the Potato Suite.

The cluster's sophisticated, purpose-built tooling suggests it is designed to bypass defenses tuned for other known China-linked threat groups, highlighting a significant gap for defenders relying on signature-based detection.

Source: The Hacker News
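A behavior-based check for the sequence described above, as an added example that is not code from ReliaQuest, The Hacker News or SC Media: it flags script files written by the IIS worker process (w3wp.exe) and creation times that were moved backwards, using Sysmon's FileCreate (Event ID 11) and file-creation-time-changed (Event ID 2) field names. The extension list, the one-day threshold, the function names and every sample record are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

SCRIPT_EXTS = (".aspx", ".ashx", ".asmx", ".asp")  # assumed server-executed types
WORKER = "\\w3wp.exe"                               # IIS worker process image name
BACKDATE = timedelta(days=1)                        # assumed "set backwards" threshold

W3WP = r"C:\Windows\System32\inetsrv\w3wp.exe"
DEPLOY = r"C:\Tools\deploy.exe"                     # constructed admin tool path
# Constructed sample records using Sysmon field names.
EVENTS = [
    {"EventID": 11, "Image": W3WP,
     "TargetFilename": r"C:\inetpub\wwwroot\app\help.aspx"},
    {"EventID": 2, "Image": W3WP,
     "TargetFilename": r"C:\inetpub\wwwroot\app\help.aspx",
     "CreationUtcTime": "2019-03-14 08:12:44.000",
     "PreviousCreationUtcTime": "2026-06-01 10:00:00.000"},
    # Script deployed by an admin tool, not by the worker process: not flagged.
    {"EventID": 11, "Image": DEPLOY,
     "TargetFilename": r"C:\inetpub\wwwroot\app\default.aspx"},
    # Creation time adjusted by seconds only: below the threshold.
    {"EventID": 2, "Image": DEPLOY,
     "TargetFilename": r"C:\inetpub\wwwroot\app\default.aspx",
     "CreationUtcTime": "2026-05-20 09:00:00.000",
     "PreviousCreationUtcTime": "2026-05-20 09:00:03.000"},
    # Worker writing a non-script file (an upload): outside this check.
    {"EventID": 11, "Image": W3WP,
     "TargetFilename": r"C:\inetpub\wwwroot\app\uploads\report.pdf"},
]

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%d %H:%M:%S.%f")

def triage(events):
    """Map each script path (lower-cased) to a sorted list of reasons."""
    found = {}
    for ev in events:
        path = ev["TargetFilename"].lower()
        if not path.endswith(SCRIPT_EXTS):
            continue
        if ev["EventID"] == 11 and ev["Image"].lower().endswith(WORKER):
            found.setdefault(path, set()).add("script_written_by_w3wp")
        elif ev["EventID"] == 2 and \
                _ts(ev["CreationUtcTime"]) < _ts(ev["PreviousCreationUtcTime"]) - BACKDATE:
            found.setdefault(path, set()).add("creation_time_backdated")
    return {p: sorted(r) for p, r in found.items()}

def high_priority(events):
    """Paths showing both behaviors: written by the worker and then backdated."""
    return sorted(p for p, r in triage(events).items() if len(r) == 2)
```

Neither signal depends on the web shell's content, so the check keeps working when each deployment is individually generated; legitimate applications that write script files from the worker process need an allowlist.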