N. Korean Lazarus Group Targets Microsoft IIS Servers to Deploy Ransomware

The Lazarus Group has been targeting vulnerable versions of Microsoft Internet Information Services (IIS) servers as an initial access route to deploy malware on targeted systems.

The malicious DLL is placed in the same folder path as a normal application and is then executed before the normal application executes.

DLL side-loading, similar to DLL search-order hijacking, refers to the proxy execution of a rogue DLL via a benign binary planted in the .

The Lazarus Group and its various clusters are believed to be operated by the Technical Reconnaissance Bureau, which oversees North Korea’s development of offensive cyber tactics and tools.

According to ASEC, the Lazarus Group also uses worms that execute within the same directory as Wordconv.exe.
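The placement described above (a DLL sitting in the same folder as a normal application) can be hunted for in image-load telemetry. The following is an added example, not code from ASEC or the original post; it assumes records shaped like Sysmon Event ID 7 (`Image`, `ImageLoaded`, `Signed`), and every path, the DLL name list and the sample events are constructed for illustration.

```python
from ntpath import basename, dirname, normcase

# Constructed, partial list of DLL names that normally load from System32.
SYSTEM_DLL_NAMES = {"version.dll", "dbghelp.dll", "wtsapi32.dll"}
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\winsxs")

def in_system_dir(path):
    """True when the path lies under one of the Windows system directories."""
    p = normcase(path)
    return any(p.startswith(d + "\\") for d in SYSTEM_DIRS)

def sideload_findings(events):
    """Return (event, reasons) for DLL loads that match the side-loading pattern."""
    findings = []
    for ev in events:
        exe, dll = ev["Image"], ev["ImageLoaded"]
        # Only DLLs loaded from the executable's own folder, outside system paths.
        if in_system_dir(dll) or normcase(dirname(exe)) != normcase(dirname(dll)):
            continue
        reasons = []
        if ev.get("Signed", "false").lower() != "true":
            reasons.append("unsigned DLL beside application")
        if normcase(basename(dll)) in SYSTEM_DLL_NAMES:
            reasons.append("name shadows a system DLL")
        if reasons:
            findings.append((ev, reasons))
    return findings

# Constructed sample events (not taken from the ASEC report).
SAMPLE_EVENTS = [
    {"Image": r"C:\example\staging\Wordconv.exe",
     "ImageLoaded": r"C:\example\staging\version.dll", "Signed": "false"},
    {"Image": r"C:\example\staging\Wordconv.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll", "Signed": "true"},
    {"Image": r"C:\Program Files\ExampleApp\app.exe",
     "ImageLoaded": r"C:\Program Files\ExampleApp\helper.dll", "Signed": "true"},
    {"Image": r"C:\Program Files\ExampleApp\app.exe",
     "ImageLoaded": r"C:\Program Files\ExampleApp\plugin.dll", "Signed": "false"},
]

if __name__ == "__main__":
    for ev, reasons in sideload_findings(SAMPLE_EVENTS):
        print(ev["Image"], "->", ev["ImageLoaded"], ":", "; ".join(reasons))
```

Signed application-local DLLs are common and are deliberately not flagged; in practice the unsigned-only hits need a per-application allowlist to stay manageable.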
