You are currently viewing Lazarus Group is Exploiting Vulnerable Windows IIS Servers to Access Networks

Lazarus Group is Exploiting Vulnerable Windows IIS Servers to Access Networks

Researchers at South Korea’s AhnLab Security Emergency Response Center (ASEC) have detected the North Korean state-sponsored Lazarus group exploiting vulnerable installations of Windows Internet Information Services (IIS) web servers to gain access to corporate networks. The ASEC blog post details “the DLL side-loading technique used by the threat actor during their initial infiltration process as well as their follow-up behaviors.” More info here https://asec.ahnlab.com/en/53132/