A new threat cluster identified as OP-512 is actively targeting Microsoft Internet Information Services (IIS) servers to deploy a sophisticated web shell framework. Researchers believe the group is focused on espionage and specifically selects organizations that align with Chinese intelligence priorities. This activity follows a trend of multiple China-linked threat actors focusing on IIS vulnerabilities over the past year.

Source