The targeted region, and overlap in behavior and code, suggest the tool is used by the infamous North Korea-aligned APT group
WinorDLL64: A backdoor from the vast Lazarus arsenal?
WinorDLL64: A backdoor from the vast Lazarus arsenal?