DragonRank: Chinese Hackers Manipulate SEO via IIS Server Exploits

DragonRank, a Chinese-speaking hacking group, targets countries in Asia and some in Europe. The group compromises Windows Internet Information Services (IIS) servers that host legitimate corporate websites, with the goal of manipulating search engine optimization (SEO) rankings. It gains access by exploiting vulnerabilities in popular web applications such as phpMyAdmin and WordPress, then deploys a web shell. The web shell lets the attackers collect system information, launch malware, and run credential-harvesting utilities. Their backdoor of choice is PlugX, malware commonly used by Chinese threat actors.

DragonRank uses DLL sideloading, abusing vulnerable binaries to launch the PlugX loader. The group's operations are widespread and non-targeted, and have compromised over 35 IIS servers. Affected industries include jewelry, media, research, and healthcare. The group breaches additional servers through web shells or through remote desktop logins with stolen credentials.

The group offers both white hat and black hat SEO services. These include cross-site ranking, single-site ranking, parasite ranking, extrapolation ranking, and search result dominance. DragonRank’s commercial website claims to support industry-wide advertising in over 200 countries. They share contact information on Telegram and QQ for underground business trades.

The hacking cluster poses a significant threat to global SEO. By compromising numerous IIS servers, it disrupts the search rankings of affected companies and diminishes their online presence. Companies must be vigilant and secure their web application services. Countermeasures are essential to protect against these attacks.

In essence, DragonRank manipulates SEO rankings by compromising IIS servers. They use techniques like web shells, PlugX malware, and credential-harvesting utilities. Their commercial services and extensive reach threaten global search engine optimization. Companies must take preventive steps to safeguard their systems.
