Analysis of Lazarus Group Attack Cases Targeting Windows Web Servers
2025-03-05 • AhnLab • Analysis of Lazarus Group Attacks Targeting Windows Web Servers
AhnLab ASEC analyzes Lazarus intrusions against Windows web servers that were compromised and reused as command-and-control infrastructure. The report describes attacks on South Korean web servers where the actor installed web shells and C2 proxy scripts, including ASP-based components on IIS servers, to relay traffic between malware and next-stage C2 systems. It also notes cases involving LazarLoader malware and privilege-escalation tooling, making the activity relevant for defenders monitoring exposed Windows web applications, web-shell deployment, proxy C2 behavior, and follow-on loader execution.