The APT group Lazarus, known for many attacks, is also using a new backdoor malware against targets in Europe. According to ESET researchers, the intended uses are espionage and data manipulation.
The malware researchers at the IT security manufacturer ESET have uncovered a new dangerous malware from the notorious APT group Lazarus (Advanced Persistent Threat). The increased occurrence in South Korea, the code and the behavior of the "WinorDLL64" backdoor suggest that it is the hacker gang allied with North Korea. However, the backdoor is also used for targeted attacks in the Middle East and Europe. More recent detections of WinorDLL64 have been made at the ESET research facilities in the Czech Republic.
Data Exfiltration and Destruction
The malicious code can exfiltrate, overwrite and remove files, execute commands and collect extensive information about the underlying system. WinorDLL64 is one of the components of the ominous Wslink Downloader. “WSLINK is a so-called loader for Windows binaries, which, unlike other such loaders, runs as a server and executes received modules in memory.
As the wording suggests, a loader serves as a tool to load a payload or the actual malware onto the already compromised system,” explains ESET researcher Vladislav Hrčka. “The payload can later be used for lateral movements in the attacked network, since it has a special interest in network sessions. In doing so, Wslink listens on a port specified in the configuration and can serve additional connection clients and even load different payloads,” he adds.
About APT Lazarus Group
The infamous North Korean-allied group has been active since at least 2009 and is responsible for many incidents, some spectacular, such as the Sony Pictures Entertainment hack, the tens of millions of dollars worth of cyber thefts in 2016, the WannaCryptor (aka WannaCry) in 2017 and a long string of attacks on South Korea's public and critical infrastructure since at least 2011. US-CERT and the FBI refer to this group as HIDDEN COBRA.
More at ESET.com
About ESET ESET is a European company with headquarters in Bratislava (Slovakia). ESET has been developing award-winning security software since 1987 that has already helped over 100 million users enjoy secure technology. The broad portfolio of security products covers all common platforms and offers companies and consumers worldwide the perfect balance between performance and proactive protection. The company has a global sales network in over 180 countries and branches in Jena, San Diego, Singapore and Buenos Aires. For more information, visit www.eset.de or follow us on LinkedIn, Facebook and Twitter.