
Group

G0032

Lazarus Group

Aliases

Hidden Cobra, Labyrinth Chollima, APT38, Guardians of Peace (self-given)

Type

State intelligence service. Their goals are financial theft, espionage, and disruption.

Target

Cryptocurrency, Financial Sectors, Media, Military

Malware

WannaCry, AppleJeus, Conti, Ryuk

Country

North Korea

IoCs on Maltiverse

Maltiverse provides updated IoCs for easy SIEM/SOAR/Firewall/EDR integration.

Who is Lazarus Group?

The Lazarus Group is a prolific state-sponsored hacking organization operated by North Korea’s intelligence agency, the Reconnaissance General Bureau. They are perhaps the world’s most famous state-backed cybercrime group.

Their operations have a dual mission: stealing huge sums of money for the regime, and conducting traditional espionage and disruptive attacks. The group is behind some of history’s boldest cyberattacks, including the 2014 Sony Pictures hack, the 2016 Bangladesh Bank heist, and the 2017 global WannaCry ransomware attack.

Common Tactics and Tools

Lazarus uses a wide range of tactics, from sophisticated social engineering to zero-day exploits.

Recently, they have become experts at compromising the cryptocurrency industry. They often post fake job offers on LinkedIn, using them to lure and compromise employees at crypto companies. They also maintain a large set of malware built for their specific goals.

  • WannaCry: A notorious ransomware worm that crippled hundreds of thousands of computers worldwide. Lazarus used a leaked NSA exploit called EternalBlue, which allowed WannaCry to spread very quickly to unpatched computers.
  • AppleJeus: A fake cryptocurrency trading app. The app appears legitimate, but a hidden component steals private keys from users’ crypto wallets and sends the funds to Lazarus.
  • Ransomware deployment: Besides WannaCry, the group also uses other major ransomware families, including Conti and Ryuk. They often attack critical targets such as hospitals to extort money.

How to Defend Against Lazarus Group

Defense against Lazarus requires a multi-layered strategy that counters both their espionage and their financially motivated attacks.

  • Scrutinize recruitment attempts: Advise staff in high-risk fields like crypto and tech to be wary of unsolicited job offers online. Always verify recruiters and companies through official channels.
  • Secure digital assets: Companies handling cryptocurrency need tight security. Use hardware wallets, require multiple approvals for transactions, and store private keys on air-gapped systems.
  • Rapid patching of edge services: Lazarus is known for quickly weaponizing newly disclosed vulnerabilities. Promptly patching all internet-facing systems, such as VPNs and firewalls, is key.
  • Advanced email and endpoint security: Deploy security tools that can sandbox attachments and check links. These tools should also detect the signs of backdoors and ransomware on endpoints.
