APT group Lazarus also uses new backdoor against targets in Europe

February 27, 2023

The backdoor will be used for espionage and data manipulation.

Malware researchers at IT security manufacturer ESET have uncovered a new dangerous malware from the notorious APT group Lazarus (Advanced Persistent Threat). The increased occurrence in South Korea, the code and the behaviour of the backdoor “WinorDLL64” suggest that it is the hacker gang allied with North Korea. However, the backdoor is also used for targeted attacks in the Middle East and Europe. ESET research facilities in the Czech Republic have recently recorded further discoveries of WinorDLL64.

The malicious code can exfiltrate, overwrite and remove files, execute commands and collect extensive information about the underlying system. WinorDLL64 is one of the components of the ominous Wslink downloader. “Wslink is a so-called loader for Windows binaries that, unlike other such loaders, runs as a server and executes received modules in memory. As the wording suggests, a loader serves as a tool to load a payload or the actual malware onto the already compromised system,” explains ESET researcher Vladislav Hrcka. “The payload can later serve for lateral movements in the attacked network, as it has a particular interest in network sessions. In doing so, Wslink listens on a port specified in the configuration and can serve additional connection clients and even load various payloads,” he adds.


Related Articles

Construction and industry find it difficult to obtain loans

Construction and industry find it difficult to obtain loans

Ifo Institute survey for June shows increase in banks' reluctance to lend It is not only the order situation for construction and industry that remains difficult, but also financing. According to a new survey by the ifo Institute (https://www.ifo.de), 27.1 per cent of...

Share This