Researchers at South Korea’s AhnLab Security Emergency Response Center (ASEC) have detected the North Korean state-sponsored Lazarus group exploiting vulnerable installations of Windows Internet Information Services (IIS) web servers to gain access to corporate networks. The ASEC blog post details “the DLL side-loading technique used by the threat actor during their initial infiltration process as well as their follow-up behaviors.” More info here https://asec.ahnlab.com/en/53132/