Guardians of Peace

Threat Actor updated a month ago (2024-10-16T00:00:56.512Z)
The Guardians of Peace, a threat actor with alleged ties to North Korea, came to prominence in 2014 following a massive cyberattack on Sony Pictures Entertainment. The group, also known as the Lazarus Group or the Whois Team, infiltrated Sony's systems and leaked sensitive data, including private details about employees and their families, internal emails, high-level salary information, and unreleased films. The attack was initiated after Sony executives received phishing emails from the group, demonstrating their sophisticated hacking capabilities.

Although the Guardians of Peace initially claimed responsibility for the attack, the Federal Bureau of Investigation (FBI) attributed the incident to North Korea within 25 days. The U.S. government quickly rallied behind the FBI's assertion, with no apparent internal dispute over the attribution. This rapid consensus, despite the inherent challenges in accurately attributing cyberattacks, underscored the seriousness with which the incident was treated.

In addition to the Sony hack, the Guardians of Peace have been linked to other malicious activities. In October 2018, the United States Computer Emergency Readiness Team (US-CERT) issued a joint technical alert with the Department of Homeland Security (DHS), the FBI, and the Treasury, warning about an ATM cash-out scheme called "FASTCash." This scheme was reportedly used by the North Korean Advanced Persistent Threat (APT) hacking group known as Hidden Cobra, another alias for the Guardians of Peace. These incidents highlight the ongoing threat posed by the group and the need for continued vigilance in cybersecurity efforts.
Description last updated: 2024-10-15T23:15:52.220Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias description: Lazarus Group is a possible alias for Guardians of Peace. The Lazarus Group, a notorious North Korean state-sponsored threat actor, is among the most prolific and dangerous cyber threat actors in operation. The group has been involved in several high-profile cyber-attacks, including Operation DreamJob in Spain, with the primary objective of funding North K
Votes: 2