"Lazarus Hackers Hijack Microsoft IIS Servers to Spread Malware"

The North Korean state-sponsored Lazarus hacking group is taking over Windows Internet Information Service (IIS) web servers to distribute malware. IIS is Microsoft's web server solution used to host websites or application services. ASEC's security analysts previously reported that Lazarus targeted IIS servers for initial access to corporate networks. The cybersecurity company now notes that the threat group also distributes malware via inadequately protected IIS services. The key advantage of this technique is the ease with which it can infect visitors to websites or users of services hosted on compromised IIS servers owned by reputable companies. In the recent attacks observed by ASEC's analysts, Lazarus compromised legitimate South Korean websites in order to conduct 'Watering Hole' attacks against visitors using a vulnerable version of INISAFE CrossWeb EX V6 software. This article continues to discuss the hijacking of IIS web servers by the Lazarus hacking group to distribute malware. 

Bleeping Computer reports "Lazarus Hackers Hijack Microsoft IIS Servers to Spread Malware"