WinorDLL64 Backdoor Linked to Lazarus Group

February 23, 2023

A payload of the Wslink downloader named WinorDLL64 has been linked to the North Korea-aligned advanced persistent threat (APT) known as Lazarus Group.

The link was made by cybersecurity researchers at Eset, who published a post about it earlier today.

“Wslink […] is a loader for Windows binaries that, contrary to other such loaders, runs as a server and executes received modules in memory,” wrote Eset malware analyst Vladislav Hrčka.

According to the advisory, the initial Wslink compromise vector has not been identified, but the malware was uploaded to VirusTotal from South Korea following the publication of the company's advisory.

“The WinorDLL64 payload serves as a backdoor that most notably acquires extensive system information, provides means for file manipulation, such as exfiltrating, overwriting, and removing files, and executes additional commands,” wrote Hrčka.

Further, the Wslink loader listens on a port specified in its configuration file. It can reportedly serve other connecting clients and load additional payloads.

First observed by the Eset team in 2021, Wslink was not immediately associated by the security researchers with Lazarus. The connection was made only recently, owing to an overlap in the targeted region, behavior and code with known Lazarus samples. In particular, the overlaps were observed with two Lazarus-attributed campaigns: Operation GhostSecret and the Bankshot implant.

“WinorDLL64 contains an overlap in the development environment, behavior, and code with many Lazarus samples, which indicates that it may be a tool from the vast arsenal of this North-Korea-aligned APT group,” Hrčka said.

More information about the samples analyzed by Eset, as well as related indicators of compromise (IoCs), is provided in the company’s advisory.

The technical write-up comes weeks after the US Federal Bureau of Investigation (FBI) linked Lazarus Group to the $100m theft from cryptocurrency firm Harmony. More recently, the APT was observed committing an “operational security oversight” while targeting research, medical and energy sector organizations.


Some parts of this report are sourced from:
www.infosecurity-magazine.com
