Cybersecurity researchers link new payload to North Korea’s Lazarus Group
Analysis finds overlap in code and behavior between newly uncovered payload and DPRK’s past operations
North Korea’s most notorious hacking syndicate may be abusing a new security backdoor as it bolsters its “vast arsenal” of malware, according to security researchers, as the Lazarus Group targets victims in South Korea and other countries.
The payload, dubbed WinorDLL64, enables the hackers to acquire extensive system information, manipulate and delete files and execute additional commands, Slovak security firm ESET said in a report released Thursday.
The payload is just one part of Wslink, a malicious loader for Windows binaries that ESET previously uncovered in 2021. A loader serves to deploy the actual malware