Cybersecurity researchers link new payload to North Korea’s Lazarus Group
Analysis finds overlap in code and behavior between newly uncovered payload and DPRK’s past operations
North Korea’s most notorious hacking syndicate may be deploying a new backdoor as it bolsters its “vast arsenal” of malware, according to security researchers, with the Lazarus Group targeting victims in South Korea and other countries.
The payload, dubbed WinorDLL64, enables the hackers to acquire extensive system information, manipulate and delete files and execute additional commands, Slovak security firm ESET said in a report released Thursday.
The payload is just one part of Wslink, a malicious loader for Windows binaries, that ESET previously uncovered in 2021. A loader serves to deploy the actual malware