Lazarus

Threat Actor updated 6 months ago (2024-03-14T17:29:34.567Z)
Lazarus Group is a North Korean state-sponsored threat actor that has been active for many years, conducting espionage, destructive attacks and financially motivated operations, including large-scale cryptocurrency theft. The group was implicated in the 2014 Sony Pictures hack and a string of other cybercrimes spanning more than five years, for which the U.S. Department of Justice charged three of its operatives (indictment unsealed in February 2021).

In 2022, Cisco Talos observed Lazarus exploiting the Log4Shell vulnerability in publicly exposed VMware Horizon servers to compromise energy providers in several countries and deploy MagicRAT, a remote access trojan built on the Qt framework. The group subsequently deployed QuiteRAT, a much smaller trojan derived from MagicRAT, with activity traced to May 2022 and infrastructure including the IP address 146.4.21.94. Infrastructure indicators of this kind age quickly; treat the address as historical context for attribution and hunting rather than as a live blocklist entry.

Lazarus also targeted healthcare entities and an internet backbone infrastructure provider in Europe and the United States, exploiting CVE-2022-47966, a since-patched vulnerability in Zoho ManageEngine ServiceDesk, to deploy QuiteRAT and CollectionRAT. Although security researchers have publicly exposed this infrastructure, the group continues to reuse many of the same components across campaigns, which is what allowed the newer malware to be discovered.

Analysis of malware attributed to Lazarus also reveals links to other families, notably Jupiter/EarlyRAT, which is associated with Andariel, a subgroup operating under the Lazarus umbrella. This points to a web of interconnected groups and shared tooling operating under the Lazarus name, and to a persistent and adaptive adversary.
Description last updated: 2024-03-14T17:29:34.537Z
Aliases: We are not currently tracking any aliases.
Source Document References
Information about the Lazarus threat actor was read from the documents below (display limited to 20 results).
Source | Created | Title
BankInfoSecurity | a year ago | Lazarus Group Debuts Tiny Trojan for Espionage Attacks
CERT-EU | a year ago | Cyber Scams Keep North Korean Missiles Flying – Analysis
CERT-EU | a year ago | Cyber Security Week in Review: August 25, 2023
CERT-EU | a year ago | Lazarus Group's infrastructure reuse leads to discovery of new malware - Cyber Security Review
CERT-EU | a year ago | North Korean APT Hacks Internet Infrastructure Provider via ManageEngine Flaw
InfoSecurity-magazine | a year ago | Lazarus Targets Internet Infrastructure and Healthcare with QuiteRAT
CERT-EU | a year ago | North Korea threat group exploiting ManageEngine ServiceDesk bug
CERT-EU | a year ago | Millions stolen from crypto platforms Exactly Protocol and Harbor Protocol
CERT-EU | a year ago | Founders of Crypto Mixer Tornado Cash Indicted for Laundering $1 Billion
CERT-EU | a year ago | Lazarus APT exploits Zoho ManageEngine flaw to target an Internet backbone infrastructure provider | IT Security News
CERT-EU | a year ago | Years into these games' histories, attackers are still creating "Fortnite" and "Roblox"-related scams
CERT-EU | a year ago | Lazarus Group Exploits Critical Zoho ManageEngine Flaw to Deploy Stealthy QuiteRAT Malware
Securityaffairs | a year ago | Lazarus APT exploits Zoho ManageEngine flaw to target an Internet backbone infrastructure provider
CERT-EU | a year ago | Hackers use public ManageEngine exploit to breach internet org
CERT-EU | a year ago | North Korea's Lazarus APT Uses GUI Framework to Build Stealthy RAT
CERT-EU | a year ago | Lazarus Group exploits ManageEngine vulnerability to deploy QuiteRAT
Securityaffairs | a year ago | DoJ charged Tornado Cash founders with laundering more than $1 billion
CERT-EU | a year ago | Tornado Cash 'laundered over $1B' in criminal cryptocurrency
Securityaffairs | a year ago | FBI identifies wallets holding cryptocurrency funds stolen by North Korea
CERT-EU | a year ago | FBI: Lazarus hackers readying to cash out $41 million in stolen crypto