Home > Security Alerts > UAT-8099 Targets Vulnerable IIS Servers Using Web Shells, PowerShell, and Region-Customized BadIIS

UAT-8099 Targets Vulnerable IIS Servers Using Web Shells, PowerShell, and Region-Customized BadIIS

February 2, 2026 Monday

Unpatched IIS servers are injected malicious web shells, executed PowerShell scripts, and deployed the BadIIS malware, including hardcoded regional configurations tailored to specific countries.

Latest News

LabArchives Laboratory Notebook Cloud Platform available to HKU research groups 

Your opinion matters, share your thoughts by completing the survey about HKU communication channels

Mobile Mail App EAS version below 16.1 will no longer support after March 2026

Update on Staff UID Change Policy

Facial Identity (Face ID) Access for HKU Main Library and Chi Wah Learning Commons

Popular Services:

uPrint
Study Rooms in Learning Commons
Software Download
HKU Virtual Private Network (HKUVPN)
Application

UAT-8099 Targets Vulnerable IIS Servers Using Web Shells, PowerShell, and Region-Customized BadIIS

About ITS

Alerts

Service Request & Support