Security News > 2023 > July > Lazarus hackers hijack Microsoft IIS servers to spread malware
2023-07-24 20:34
The North Korean state-sponsored Lazarus hacking group is breaching Windows Internet Information Service web servers to hijack them for malware distribution.
South Korean security analysts at ASEC previously reported that Lazarus was targeting IIS servers for initial access to corporate networks.
Microsoft application servers are becoming a popular target for hackers to use in malware distribution, likely due to their trusted nature.
Just last week, CERT-UA and Microsoft reported that Russian Turla hackers were using compromised Microsoft Exchange servers to deliver backdoors to their targets.
Lazarus hackers target Windows IIS web servers for initial access.
Hackers infect Linux SSH servers with Tsunami botnet malware.
News URL
Related news
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)
- DragonRank Exploits IIS Servers with BadIIS Malware for SEO Fraud and Gambling Redirects (source)
- North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS (source)
- Hackers spoof Microsoft ADFS login pages to steal credentials (source)
- New Microsoft script updates Windows media with bootkit malware fixes (source)
- Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware (source)
- Microsoft says attackers use exposed ASP.NET keys to deploy malware (source)
- Attackers compromise IIS servers by leveraging exposed ASP.NET machine keys (source)
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux (source)
- North Korean hackers spotted using ClickFix tactic to deliver malware (source)