Lazarus Group Striking Vulnerable Windows IIS Web Servers

Published : 23/11/2024   Category : security

The infamous North Korean APT group is using Log4Shell, the 3CX supply chain attack, and other known vectors to breach Microsoft Web servers.



The North Korean state-backed threat actor Lazarus Group has reinvented its ongoing espionage campaign by exploiting known vulnerabilities in unpatched Windows IIS Web servers to deploy its reconnaissance malware.
Researchers with AhnLab Security Response Center (ASEC) reported that the latest round of espionage attacks used the Lazarus Group's signature DLL side-loading technique during initial compromise.
"The AhnLab Smart Defense (ASD) log ... [showed] that Windows server systems are being targeted for attacks, and malicious behaviors are being carried out through w3wp.exe, an IIS Web server process," the ASEC researchers explained. "Therefore, it can be assumed that the threat actor uses poorly managed or vulnerable Web servers as their initial breach routes before executing their malicious commands later."
Initial attack vectors for the intelligence-gathering campaign include unpatched machines with known vulnerabilities like Log4Shell, public certificate vulnerabilities, and the 3CX supply chain attack, the ASEC team advised.
"In particular, since the threat group primarily utilizes the DLL side-loading technique during their initial infiltrations, companies should proactively monitor abnormal process execution relationships and take preemptive measures to prevent the threat group from carrying out activities such as information exfiltration and lateral movement," the AhnLab report added.
