The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

WinorDLL64 Backdoor Linked to Lazarus Group

February 23, 2023

A payload of the Wslink downloader named WinorDLL64 has been linked to the North Korea-aligned advanced persistent threat (APT) known as Lazarus Group.

The link was made by cybersecurity researchers at Eset, who published an article about it earlier today.

“Wslink […] is a loader for Windows binaries that, unlike other such loaders, runs as a server and executes received modules in memory,” wrote Eset malware analyst Vladislav Hrčka.


According to the advisory, the initial Wslink compromise vector was not identified, but the malware was uploaded to VirusTotal from South Korea following the publication of the company's advisory.

“The WinorDLL64 payload serves as a backdoor that most notably acquires extensive system information, provides means for file manipulation, such as exfiltrating, overwriting, and removing files, and executes additional commands,” wrote Hrčka.

Further, the Wslink loader listens on a port specified in its configuration file. It can reportedly serve other connecting clients and load additional payloads.

First seen by the Eset team in 2021, Wslink was not immediately associated by the security researchers with Lazarus. The connection was made only recently, owing to overlaps in the targeted region, behavior and code with known Lazarus samples. In particular, the overlaps were observed with two Lazarus-attributed campaigns: Operation GhostSecret and the Bankshot implant.

“WinorDLL64 contains an overlap in the development environment, behavior, and code with several Lazarus samples, which indicates that it might be a tool from the vast arsenal of this North-Korea-aligned APT group,” Hrčka said.

More information about the samples analyzed by Eset, as well as the associated indicators of compromise (IoCs), is provided in the company’s advisory.

The technical write-up comes weeks after the US Federal Bureau of Investigation (FBI) linked Lazarus Group to the $100m theft from cryptocurrency firm Harmony. More recently, the APT was observed committing an “operational security oversight” while targeting research, medical and energy sector organizations.


Some parts of this report are sourced from:
www.infosecurity-magazine.com
