Wslink downloader may have links to the North Korean Lazarus Group

ESET researchers say a payload contains an overlap with several samples of the Lazarus Group, which has been linked with North Korea. (BirgitKorber/Adobe)
Researchers reported discovering one of the payloads of the Wslink downloader first uncovered in 2021, saying with “low confidence” that it could be linked to the North Korean-backed Lazarus Group, best known for the 2014 Sony hack.

In a Feb. 23 blog post, ESET researchers named the payload WinorDLL64 based on its filename, WinorDLL64.dll. The payload overlaps in development environment, behavior and code with several Lazarus samples.

Along with the Sony hack, Lazarus was responsible for stealing tens of millions of dollars in a 2016 cyberheist and for the WannaCry outbreak in 2017, and it has a long history of disruptive attacks against South Korean public and critical infrastructure. US-CERT and the FBI call the group Hidden Cobra.

ESET telemetry has seen only a few detections of Wslink, in Central Europe, North America, and the Middle East. The researchers said the discovery was significant because Wslink’s payload provides a means for file manipulation, execution of further code, and collection of extensive information about the underlying system, which could be leveraged for lateral movement. The Wslink loader listens on a port specified in its configuration, can serve additional connecting clients, and can load various payloads.

WinorDLL64 serves as a backdoor that most notably acquires extensive system information, provides means for file manipulation, and executes additional commands. It communicates over a TCP connection already established by its loader and uses some of the loader’s functions. The ESET researchers have "high confidence" that it is a Wslink payload because the loader’s unique structure is used everywhere in the expected way: the TLS context and other meaningful parameters are supplied in the anticipated order to the correct callbacks.