Lazarus Group
High Confidence • Critical Threat
Hidden Cobra • ZINC • Diamond Sleet • Labyrinth Chollima • APT38 • Guardians of Peace +2 more
Lazarus Group is a highly sophisticated and persistent threat actor with strong ties to the North Korean government, specifically the Reconnaissance General Bureau (RGB). Active since at least 2009, the group has been implicated in a wide range of malicious cyber activities, from cyber espionage and disruptive attacks to large-scale financial theft. Their operations demonstrate a consistent pattern of adaptation, with the group frequently reorganizing and refining its tactics to align with North Korea's strategic priorities. The name "Lazarus Group" is often used as an umbrella term to describe a consortium of North Korean cyber units, making attribution of specific attacks a complex challenge for the global cybersecurity community. The group's evolution from a primarily disruptive force to a financially motivated criminal enterprise marks a significant shift in their operational focus. Initially known for high-profile attacks like the 2014 Sony Pictures Entertainment hack, which involved data destruction and public leaks, Lazarus has increasingly turned its attention to the lucrative world of cryptocurrency theft and financial institution heists. This strategic pivot is widely believed to be a direct response to international sanctions, with the group now serving as a key revenue-generating tool for the North Korean regime. Despite this shift, Lazarus retains its potent de...
Target Sectors
Target Regions
Attributed to the Reconnaissance General Bureau (RGB), North Korea. Attribution confidence: High.
Future Outlook
Lazarus Group is expected to continue operations targeting the Financial Services sector.
First observed activity of Lazarus Group
Sony Pictures Entertainment attack
Bangladesh Bank heist attempt ($81M stolen)
WannaCry ransomware global outbreak
Continued active operations