Lazarus's New Additions: Wslink Loader and WinorDLL64 Backdoor

28 February 2023
ESET researchers uncovered a connection between the North Korean Lazarus APT group and WinorDLL64, a new backdoor associated with the Wslink malware downloader. Wslink is primarily a malicious loader, but the attacker can also leverage it for lateral movement. WinorDLL64 is a fully featured backdoor implant whose file-manipulation capabilities include exfiltrating, overwriting, and deleting files.