
New Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell Framework

Source: thehackernews.com | Published: 2026-06-05 | Category: malicious AI use | Severity: Medium

What Happened

Cybersecurity researchers have discovered a previously unreported threat cluster dubbed OP-512 (where "OP" stands for "opponent") that has been observed targeting Microsoft Internet Information Services (IIS) servers to deploy a bespoke web shell framework. ReliaQuest has assessed with moderate to high confidence that the espionage-focused activity is linked to China. "OP-512 was highly

Why It Matters

The article describes a newly reported threat cluster, OP-512, that compromises Microsoft IIS servers and deploys a custom web shell framework in an espionage-focused campaign attributed to China with moderate to high confidence. The tradecraft is conventional web-server compromise rather than an AI-specific attack: a web shell gives the operator remote command execution inside the IIS worker process (w3wp.exe), running under the application pool identity, which is enough to stage lateral movement and data collection from the web tier. The page files it under malicious AI use because bespoke frameworks of this kind are the natural place for an actor to add AI-assisted automation for scanning, lateral movement, or data triage, not because the article reports any such use. From a CyberSE.AI perspective, organizations operating AI-enabled services on IIS or adjacent infrastructure should assume that similar threat actors could integrate AI into their tooling to scale reconnaissance and exfiltration, and should use Continuous AI Red Teaming to test how their AI-driven workflows, logs, and exposed interfaces could be abused or pivoted through if the underlying web infrastructure is compromised. The more immediate check for IIS operators is whether a web shell is already present: an interpreter spawned by w3wp.exe, or a script file under the web root that nobody deployed.

Sectors: Healthcare, Fintech, SaaS, SMB, AI startups

CyberSE Analysis

This signal is filed under malicious AI use. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue (a compromised web tier that hosts or fronts those services) could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.

Recommended Actions

  • Hunt for web shells on IIS hosts: alert when w3wp.exe spawns cmd.exe, powershell.exe or other interpreters (ASP.NET legitimately spawns csc.exe during page compilation, so exclude that), and review script files (.aspx, .ashx, .asmx) written under the web root that are not part of a known deployment.
  • Run IIS application pools under least-privilege identities and keep IIS and the hosted applications patched, so a web shell gains as little as possible from the worker process.
  • Restrict AI agent tool permissions and production write paths.
  • Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
  • Add human approval workflows for high-impact or state-changing actions.
  • Run prompt injection and indirect prompt injection tests against affected workflows.
  • Document the owner, control gap, and remediation deadline for this risk class.
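The web shell hunt described in Why It Matters and in the first recommended action, as an added worked example. This is editorial example code, not code from the article, from ReliaQuest, or from any OP-512 tooling; no OP-512 indicators appear on this page, so every log line, path, IP address and the baseline date below is constructed for illustration, and the list of suspicious child processes is an editorial choice, not a published detection rule. The script applies two generic checks: the IIS worker process spawning a command interpreter (from Sysmon-style process-creation records), and POST requests to a script path that was never seen before a baseline date (from IIS W3C access logs).

```python
"""
Two generic IIS web shell hunts over constructed sample data.
All events and log lines here are invented for the example; they are not
real telemetry and carry no OP-512 indicators.
"""
from collections import defaultdict
from datetime import date

# Editorial choice: interpreters and living-off-the-land binaries that the IIS
# worker process has no legitimate reason to launch. Deliberately omits csc.exe
# and cvtres.exe, which ASP.NET spawns from w3wp.exe during page compilation.
SUSPICIOUS_CHILDREN = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "certutil.exe", "whoami.exe",
    "net.exe", "net1.exe", "rundll32.exe", "regsvr32.exe", "mshta.exe",
    "wscript.exe", "cscript.exe",
}
IIS_WORKER = "w3wp.exe"
SCRIPT_EXTS = (".aspx", ".ashx", ".asmx", ".asp")

# Constructed Sysmon Event ID 1 (process create) records, reduced to lineage fields.
PROCESS_EVENTS = [
    {"ParentImage": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c whoami"},
    {"ParentImage": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "Image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe",
     "CommandLine": "csc.exe /noconfig /fullpaths @App_Web_x.cmdline"},   # benign compile
    {"ParentImage": r"C:\Windows\System32\services.exe",
     "Image": r"C:\Windows\System32\svchost.exe",
     "CommandLine": "svchost.exe -k netsvcs"},
    {"ParentImage": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgA"},
]

# Constructed IIS W3C log. IIS writes '+' for spaces inside fields, so whitespace
# splitting is safe. Paths and addresses are invented.
IIS_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2026-05-20 09:12:01 10.0.0.5 GET /default.aspx - 443 - 198.51.100.10 Mozilla/5.0+(Windows+NT+10.0) - 200 0 0 15
2026-05-21 11:03:44 10.0.0.5 POST /api/login.aspx - 443 - 198.51.100.11 Mozilla/5.0+(Windows+NT+10.0) - 200 0 0 40
2026-06-02 03:14:09 10.0.0.5 GET /aspnet_client/system_web/stat.aspx - 443 - 203.0.113.7 python-requests/2.31 - 200 0 0 8
2026-06-02 03:14:12 10.0.0.5 POST /aspnet_client/system_web/stat.aspx - 443 - 203.0.113.7 python-requests/2.31 - 200 0 0 210
2026-06-02 03:15:00 10.0.0.5 POST /aspnet_client/system_web/stat.aspx - 443 - 203.0.113.7 python-requests/2.31 - 200 0 0 180
2026-06-03 08:00:00 10.0.0.5 POST /api/login.aspx - 443 - 198.51.100.12 Mozilla/5.0+(Windows+NT+10.0) - 200 0 0 37
""".splitlines()

# Assumed: the last day of a known-good traffic baseline for this host.
BASELINE_END = date(2026, 5, 31)


def basename(path):
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def find_w3wp_spawns(events):
    """Process-creation events where w3wp.exe launched a suspicious child."""
    return [ev for ev in events
            if basename(ev["ParentImage"]) == IIS_WORKER
            and basename(ev["Image"]) in SUSPICIOUS_CHILDREN]


def parse_w3c(lines):
    """Yield one dict per IIS W3C log record, keyed by the #Fields: header."""
    fields = None
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#") or not line.strip():
            continue
        values = line.split()
        if fields is None or len(values) != len(fields):
            continue  # malformed or header-less record; skip rather than guess
        yield dict(zip(fields, values))


def find_new_post_targets(lines, baseline_end):
    """Script paths first requested after baseline_end that then receive POSTs.

    Returns {uri_stem: [(date, client_ip, status), ...]} for the flagged paths.
    """
    first_seen = {}
    posts = defaultdict(list)
    for rec in parse_w3c(lines):
        stem = rec["cs-uri-stem"].lower()
        if not stem.endswith(SCRIPT_EXTS):
            continue
        seen = date.fromisoformat(rec["date"])
        first_seen[stem] = min(first_seen.get(stem, seen), seen)
        if rec["cs-method"] == "POST":
            posts[stem].append((rec["date"], rec["c-ip"], rec["sc-status"]))
    return {stem: hits for stem, hits in posts.items() if first_seen[stem] > baseline_end}


def run_hunt():
    """Run both checks over the constructed data and return the findings."""
    return {
        "w3wp_spawns": find_w3wp_spawns(PROCESS_EVENTS),
        "new_post_targets": find_new_post_targets(IIS_LOG, BASELINE_END),
    }


if __name__ == "__main__":
    for kind, findings in run_hunt().items():
        print(kind)
        for f in (findings.items() if isinstance(findings, dict) else findings):
            print("  ", f)
```

On the sample data the first check flags the cmd.exe and powershell.exe children and ignores the csc.exe compile, and the second flags only the path first seen after the baseline, not the login endpoint that was already receiving POSTs in May. On a real host the baseline should come from the deployment record or from a log window that precedes the suspected compromise, and the process check is best fed from Sysmon or EDR telemetry rather than the Windows security log, which does not record the parent image by default.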

Source

https://thehackernews.com/2026/06/new-threat-cluster-op-512-targets.html
