The article discusses the discovery of a new espionage group, OP-512, identified by ReliaQuest Threat Research. The group exploits vulnerabilities in Internet Information Services (IIS) servers and uses a custom web shell framework with unique cryptographic signatures to evade detection. OP-512 is assessed as a previously undocumented Chinese operation that employs sophisticated methods such as self-reporting DNS queries and automated command handlers.
The compromised servers are running outdated software, making them susceptible to attacks. Defenders are advised to prioritize upgrading legacy .NET frameworks and enhancing behavioral detection strategies.