China-Linked Cyber Espionage: How OP-512 Exploited Legacy IIS Servers and Evaded Detection

China-Linked Cyber Espionage: How OP-512 Exploited Legacy IIS Servers and Evaded Detection

From ShadowTalk: Powered by ReliaQuest by ReliaQuest

June 10, 2026 · 23 min

About this episode

The episode discusses a China-linked cyber espionage campaign that exploited legacy IIS servers and evaded detection.

Your team built defenses around known China-linked clusters. The file hashes are tracked. The behavioral patterns are documented. What those weren't built to catch is a new cluster that studied those exact defenses and engineered around them. A China-linked attacker compromised an internet-facing IIS server, maintained access for over 75 days, and came back on fresh infrastructure. With four China-linked clusters converging on the same legacy IIS stack in twelve months, defenders building det...

Topics covered

  • cyber espionage
  • China-linked attacks
  • IIS server vulnerabilities
  • cybersecurity defenses
  • threat detection

Keywords

  • cyber espionage
  • China
  • IIS servers
  • OP-512
  • cybersecurity
  • threat detection
  • legacy systems

Mentioned in this episode

Organizations: China, IIS, OP-512

More episodes of ShadowTalk: Powered by ReliaQuest

Explore listener stats, chart rankings, contacts and more on the ShadowTalk: Powered by ReliaQuest podcast page.