The Guardians of Peace, a threat actor with alleged ties to North Korea, came to prominence in 2014 following a massive cyberattack on Sony Pictures Entertainment. The group, also known as the Lazarus Group or the Whois Team, infiltrated Sony's systems and leaked sensitive data, including private details about employees and their families, internal emails, high-level salary information, and unreleased films. The attack was initiated after Sony executives received phishing emails from the group, demonstrating their sophisticated hacking capabilities.
Although the Guardians of Peace initially claimed responsibility for the attack, the Federal Bureau of Investigation (FBI) attributed the incident to North Korea within 25 days. The U.S. government quickly rallied behind the FBI's assertion, with no apparent internal dispute over the attribution. This rapid consensus, despite the inherent challenges in accurately attributing cyberattacks, underscored the seriousness with which the incident was treated.
In addition to the Sony hack, the Guardians of Peace have been linked to other malicious activities. In October 2018, the United States Computer Emergency Readiness Team (US-CERT) issued a joint technical alert with the Department of Homeland Security (DHS), the FBI, and the Treasury, warning about an ATM cash-out scheme called "FASTCash." This scheme was reportedly used by the North Korean Advanced Persistent Threat (APT) hacking group known as Hidden Cobra, another alias for the Guardians of Peace. These incidents highlight the ongoing threat posed by the group and the need for continued vigilance in cybersecurity efforts.
Description last updated: 2024-10-15T23:15:52.220Z