Lazarus's New Additions - Wslink Loader and WinorDLL64 Backdoor
28-Feb-23
WinorDLL64, a new payload delivered by the Wslink malware downloader, has been discovered by researchers. These devices might be linked to the notorious APT organisation Lazarus, which is allied with North Korea. Although it was originally discovered in October 2021, Wslink has been operational since late 2018.
At that time, experts were unable to identify the first Wslink compromise vector or payload it sent. The attacker can also use Wslink, which is basically a malicious loader, for lateral movement.
