Cybersecurity researchers link new payload to North Korea’s Lazarus Group



News Cybersecurity researchers link new payload to North Korea’s Lazarus Group Analysis finds overlap in code and behavior between newly uncovered payload and DPRK’s past operations Shreyas Reddy February 24, 2023 SHARE COPY LINK FACEBOOK X LINKEDIN MASTODON Image: methodshop/Pixabay North Korea’s most notorious hacking syndicate may be abusing a new security backdoor as it bolsters its “vast arsenal” of malware, according to security researchers, as the Lazarus Group targets victims in South Korea and other countries. The payload, dubbed WinorDLL64, enables the hackers to acquire extensive system information, manipulate and delete files and execute additional commands, Slovak security firm ESET said in a report released Thursday. The payload is just one part of Wslink, a malicious loader for Windows binaries, that ESET previously uncovered in 2021. A loader serves to deploy the actual malware Read More © Korea Risk Group. All rights reserved. No part of this content may be reproduced, distributed, or used for commercial purposes without prior written permission from Korea Risk Group. LATEST ANALYSIS 01How long-range strikes on Russia could impact North Korean troop deployments 02How North Korean hackers and IT workers collude to cause chaos 03What pro-Trump think tanks reveal about his likely North Korea policy priorities 04Yoon bet on US to deter North Korea. Now he faces an alliance skeptic in Trump. 05All the question marks hanging over Trump’s approach to North Korea in term two 06Time almost up for North Korea’s plan to launch 3 military satellites in 2024 07Trump return rekindles prospects of North Korea talks, but Russia stands in way 08How China could benefit from North Korea’s troop deployment to Ukraine 09New North Korean ICBM delivers big political message, and likely bigger payloads 10How North Korea-Russia ties will challenge next US president, no matter who wins

News

Cybersecurity researchers link new payload to North Korea’s Lazarus Group

Analysis finds overlap in code and behavior between newly uncovered payload and DPRK’s past operations

Shreyas Reddy February 24, 2023

Cybersecurity researchers link new payload to North Korea’s Lazarus Group

North Korea’s most notorious hacking syndicate may be abusing a new security backdoor as it bolsters its “vast arsenal” of malware, according to security researchers, as the Lazarus Group targets victims in South Korea and other countries.

The payload, dubbed WinorDLL64, enables the hackers to acquire extensive system information, manipulate and delete files and execute additional commands, Slovak security firm ESET said in a report released Thursday.

The payload is just one part of Wslink, a malicious loader for Windows binaries, that ESET previously uncovered in 2021. A loader serves to deploy the actual malware

01How long-range strikes on Russia could impact North Korean troop deployments
02How North Korean hackers and IT workers collude to cause chaos
03What pro-Trump think tanks reveal about his likely North Korea policy priorities
04Yoon bet on US to deter North Korea. Now he faces an alliance skeptic in Trump.
05All the question marks hanging over Trump’s approach to North Korea in term two
06Time almost up for North Korea’s plan to launch 3 military satellites in 2024
07Trump return rekindles prospects of North Korea talks, but Russia stands in way
08How China could benefit from North Korea’s troop deployment to Ukraine
09New North Korean ICBM delivers big political message, and likely bigger payloads
10How North Korea-Russia ties will challenge next US president, no matter who wins

Cybersecurity researchers link new payload to North Korea’s Lazarus Group

LATEST ANALYSIS

Similar Articles

About the Author

Shreyas Reddy