AhnLab Security Intelligence Center analyzed attacks on Windows web servers during Q2 2025 using their Smart Defense infrastructure. The study focused on poorly managed servers, categorizing attack types and malware strains. It revealed that multiple threat actors often target vulnerable servers simultaneously, exploiting unpatched systems or misconfigurations. Attackers typically use file upload vulnerabilities to deploy web shells and execute commands, but may also exploit framework or Web Application Server weaknesses. The analysis provides detailed statistics on the number of affected systems and the frequency of attacks, offering insights into the current threat landscape for Windows-based web servers.