Lazarus hackers hijack Microsoft IIS servers to spread malware
The North Korean state-sponsored Lazarus hacking group is breaching Windows Internet Information Services (IIS) web servers to hijack them for malware distribution.
South Korean security analysts at ASEC previously reported that Lazarus was targeting IIS servers for initial access to corporate networks.
Microsoft application servers are becoming a popular target for hackers to use in malware distribution, likely due to their trusted nature.
Just last week, CERT-UA and Microsoft reported that Russian Turla hackers were using compromised Microsoft Exchange servers to deliver backdoors to their targets.