New Threat Cluster 'OP-512' Targets Microsoft IIS Servers with Custom Web Shell Framework
Cybersecurity researchers have uncovered a previously unknown threat cluster, dubbed OP-512, actively targeting Microsoft Internet Information Services (IIS) servers. The group deploys a bespoke web shell framework to gain remote access and evade detection, utilizing techniques like timestomping to manipulate forensic timelines. ReliaQuest assesses with moderate to high confidence that this espionage-focused activity is linked to China, marking it as the fourth China-aligned threat group to target IIS web servers in the past year.