
China-Linked Cyber Espionage: How OP-512 Exploited Legacy IIS Servers and Evaded Detection
From ShadowTalk: Powered by ReliaQuest by ReliaQuest
June 10, 2026 · 23 min
About this episode
The episode discusses a China-linked cyber espionage campaign that exploited legacy IIS servers and evaded detection.
Your team built defenses around known China-linked clusters. The file hashes are tracked. The behavioral patterns are documented. What those weren't built to catch is a new cluster that studied those exact defenses and engineered around them. A China-linked attacker compromised an internet-facing IIS server, maintained access for over 75 days, and came back on fresh infrastructure. With four China-linked clusters converging on the same legacy IIS stack in twelve months, defenders building det...
Topics covered
- cyber espionage
- China-linked attacks
- IIS server vulnerabilities
- cybersecurity defenses
- threat detection
Keywords
- cyber espionage
- China
- IIS servers
- OP-512
- cybersecurity
- threat detection
- legacy systems
Mentioned in this episode
Organizations: China, IIS, OP-512
More episodes of ShadowTalk: Powered by ReliaQuest
- SonicWall, MFA Bypass, IABs: Why Patched Devices Are Still Handing Attackers Initial Access · June 3, 2026 · 21 min
- Device Code, OAuth, PhaaS: How Session Token Theft is Breaking the Phishing Playbook · May 27, 2026 · 29 min
- SQLite, Mistral, OpenAI: How AI Attacks Are Reshaping the Attack Surface · May 20, 2026 · 20 min
- Canvas, Trellix, Mini Shai-Hulud: How Defenders Respond When Supply Chain Attacks Become Weekly · May 14, 2026 · 32 min
- Akira, ShinyHunters, and The Gentlemen: Extortion Lessons From Early 2026 · May 6, 2026 · 35 min
- What Happened to Black Basta's Playbook? The Automated Teams Phishing Threat Hitting Executives · April 29, 2026 · 27 min
Explore listener stats, chart rankings, contacts and more on the ShadowTalk: Powered by ReliaQuest podcast page.