Security News > 2023 > July > Lazarus hackers hijack Microsoft IIS servers to spread malware
2023-07-24 20:34
The North Korean state-sponsored Lazarus hacking group is breaching Windows Internet Information Service web servers to hijack them for malware distribution.
South Korean security analysts at ASEC previously reported that Lazarus was targeting IIS servers for initial access to corporate networks.
Microsoft application servers are becoming a popular target for hackers to use in malware distribution, likely due to their trusted nature.
Just last week, CERT-UA and Microsoft reported that Russian Turla hackers were using compromised Microsoft Exchange servers to deliver backdoors to their targets.
Lazarus hackers target Windows IIS web servers for initial access.
Hackers infect Linux SSH servers with Tsunami botnet malware.
News URL
Related news
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)
- DragonRank Exploits IIS Servers with BadIIS Malware for SEO Fraud and Gambling Redirects (source)
- Microsoft: macOS bug lets hackers install malicious kernel drivers (source)
- Russia-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware (source)
- Microsoft 365 apps crash on Windows Server after Office update (source)
- Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (source)
- Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer (source)
- Microsoft fixes Office 365 apps crashing on Windows Server systems (source)
- Microsoft fixes Windows Server 2022 bug breaking device boot (source)
- Microsoft issues out-of-band fix for Windows Server 2022 NUMA glitch (source)