
Microsoft IIS Servers Targeted by Lazarus


By Esme Greene

Aug 18, 2023

Security analysts report that the highly active Lazarus Group, which has links to North Korea, has been attacking poorly secured Microsoft IIS servers to escalate privileges and distribute malware. The advanced persistent threat group compromised South Korean websites and altered their content, using watering-hole tactics to persuade visitors to install the malware.

Cyber Intruders Exploit INISAFE Vulnerability: Lazarus Group Strikes Again

Microsoft's IIS web server lets users serve dynamic content in addition to hosting, maintaining, and distributing web applications. The attack targeted INISAFE CrossWeb EX V6, a South Korean program for securing financial transactions.

INISAFE Web EX is widely used among South Korean businesses. The attackers exploited a flaw in INISAFE CrossWeb EX V6 to take control of a local website.

Through the INISAFE vulnerability, the attackers attempted to install the SCSKAppLink.dll malware. The malware's download URL was hosted on an IIS web server that Lazarus Group had seized. Even after Initech patched the flaw, the attackers continued to target unpatched machines.

In past campaigns, Lazarus Group has compromised poorly secured IIS servers as initial entry points and then used RDP to move laterally.

Recent Lazarus Group attacks included components derived from the JuicyPotato privilege escalation tool. Using usopriv.exe, associated with the w3wp.exe IIS worker process, the malware was able to elevate its privileges. The malware then acts as a backdoor or downloader for further malicious activity.
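One defender-side check for the w3wp.exe-to-usopriv.exe pattern above, and for the compromised-IIS entry point described earlier, is to flag unexpected child processes of the IIS worker process. The script below is an added example, not code from the article or from any vendor report; the event fields imitate Sysmon Event ID 1 (process creation), the allowlist is an assumption to tune per environment, and the sample events and file paths are constructed.

```python
"""Detection sketch for the w3wp.exe -> usopriv.exe pattern described above:
flag process-creation events whose parent is the IIS worker process and
whose child is not an expected binary. Added example, not code from the
article; event fields imitate Sysmon Event ID 1 and the samples are constructed."""
# Expected children of w3wp.exe on a typical IIS host (assumption; tune per environment).
BENIGN_CHILDREN = {
    r"c:\windows\system32\conhost.exe",
    r"c:\windows\system32\werfault.exe",
}
# Interpreters and LOLBins a web worker process should essentially never spawn.
HIGH_RISK = {"cmd.exe", "powershell.exe", "rundll32.exe", "regsvr32.exe",
             "certutil.exe", "mshta.exe", "wscript.exe", "cscript.exe"}

def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def find_suspicious_w3wp_children(events: list[dict]) -> list[tuple[str, str, str]]:
    """Return (UtcTime, Image, reason) for every child of w3wp.exe that is not allowlisted."""
    findings = []
    for ev in events:
        if _basename(ev.get("ParentImage", "")) != "w3wp.exe":
            continue
        image = ev.get("Image", "")
        low = image.lower()
        if low in BENIGN_CHILDREN:
            continue
        if _basename(image) in HIGH_RISK:
            reason = "w3wp.exe spawned a scripting or LOLBin interpreter"
        elif "\\inetpub\\" in low or "\\temp\\" in low or "\\users\\public\\" in low:
            reason = "w3wp.exe launched an executable from a web-writable or temp path"
        else:
            reason = "w3wp.exe spawned a non-allowlisted child"
        findings.append((ev.get("UtcTime", "?"), image, reason))
    return findings

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"UtcTime": "2023-08-01 10:00:01", "ParentImage": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "Image": r"C:\Windows\System32\conhost.exe"},
    {"UtcTime": "2023-08-01 10:00:05", "ParentImage": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "Image": r"C:\inetpub\wwwroot\usopriv.exe"},
    {"UtcTime": "2023-08-01 10:00:09", "ParentImage": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "Image": r"C:\Windows\System32\cmd.exe"},
    {"UtcTime": "2023-08-01 10:01:00", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\notepad.exe"},
]
if __name__ == "__main__":
    for when, image, reason in find_suspicious_w3wp_children(SAMPLE_EVENTS):
        print(f"{when}  {image}  <- {reason}")
```

On a real host the same logic can be fed from exported Sysmon or EDR process-creation telemetry, and any hit on w3wp.exe should be reviewed alongside the server's patch state for the INISAFE component.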

Lazarus Group pairs loader malware with encrypted data files: the loader locates the data file, decrypts it, and loads the resulting PE-format payload directly in memory.

Effective security controls and diligent patch management are crucial to defending against Lazarus Group's sophisticated and constantly evolving attacks, which remain an active threat.


Esme Greene

Esme brings a wealth of knowledge and experience to our website, specializing in all aspects of DarkWeb security. With a deep understanding of the intricate workings of the DarkWeb and its associated cybersecurity risks, Esme curates insightful and informative content for our readers.