ESET researchers uncovered a connection between the North Korean Lazarus APT group and WinorDLL64 – a new backdoor associated with the Wslink malware downloader. Wslink, primarily a malicious loader, can be leveraged by the attacker for lateral movement as well. WinorDLL64 is a fully-featured backdoor implant that can exfiltrate, overwrite, and delete files for file manipulation.