The Lazarus threat group has stepped up its attacks on vulnerable Microsoft Internet Information Services (IIS) instances, using them not only as access points for target organizations but also to spread malware.

Microsoft IIS web servers are a popular attack vector for hackers and the what is believed to be the North Korean state-sponsored Lazarus advanced persistent threat (APT) group which has previously been observed targeting the Microsoft resource.

In a blog post published on Monday, AhnLab Security Emergency response Center (ASEC) researchers said they had recently observed attacks by Lazarus on South Korean websites where IIS servers were used as malware distribution points.