The Lazarus Group

Threat Actor updated 8 months ago (2024-01-10T14:25:38.971Z)
The Lazarus Group, identified as a threat actor and an agency controlled by the North Korean government, has been involved in numerous high-profile cybercrimes. The group was designated by the Office of Foreign Assets Control (OFAC) on September 13, 2019, and is notorious for its highly skilled operations. In 2022, it was responsible for several significant crypto heists, including the Horizon Bridge and Ronin Bridge hacks. Tracking of the DeathNote cluster determined that the Lazarus Group is behind this malware strain, which it has used multiple times across campaigns. CollectionRAT, although not a novel piece of code, has become another tool in the group's extensive toolbox; despite offering functionality common to many malware toolkits, it has been used effectively by the group. The Lazarus Group reportedly moved about $26,000 worth of stolen crypto within 24 hours, demonstrating its continued illicit activity. The FBI has issued warnings about the group's ongoing operations. The Lazarus Group has also been implicated in money laundering through the cryptomixer Tornado Cash. The United States unveiled charges against a Russian national and a Washington state man for creating, operating, and promoting Tornado Cash, which enabled threat actors like the Lazarus Group to launder more than $1 billion. Despite knowing that the Lazarus Group was using their service to launder large amounts of stolen virtual currency for the benefit of the North Korean regime, the founders of Tornado Cash continued to develop and promote the service without taking meaningful steps to reduce its use for illicit purposes.
Description last updated: 2023-09-01T23:17:16.358Z
Aliases: We are not currently tracking any aliases.
Source Document References
Information about the Lazarus Group threat actor was read from the document corpus below. This display is limited to 20 results.
Source (created): Title

CERT-EU (a year ago): North Korea threat group exploiting ManageEngine ServiceDesk bug
BankInfoSecurity (a year ago): Cryptohack Roundup: Tornado Cash in the Eye of the Storm
CERT-EU (a year ago): Founders of Crypto Mixer Tornado Cash Indicted for Laundering $1 Billion
CERT-EU (a year ago): Years into these games’ histories, attackers are still creating “Fortnite” and “Roblox”-related scams
CERT-EU (a year ago): Lazarus Group Exploits Critical Zoho ManageEngine Flaw to Deploy Stealthy QuiteRAT Malware
Securityaffairs (a year ago): Lazarus APT exploits Zoho ManageEngine flaw to target an Internet backbone infrastructure provider
Flashpoint (a year ago): COURT DOC: Tornado Cash Founders Charged With Money Laundering And Sanctions Violations
CERT-EU (a year ago): DOJ charges Tornado Cash co-founders for laundering over $1 billion in crypto | Engadget
CERT-EU (a year ago): North Korea ready to cash out more than $40 million in Bitcoin after summer of attacks, warns FBI
CERT-EU (a year ago): Tornado Cash founders charged with money laundering and sanctions violations
Securityaffairs (a year ago): DoJ charged Tornado Cash founders with laundering more than $1 billion
CERT-EU (a year ago): FBI warns North Korean hackers poised to cash out more than $40 million in bitcoin
CERT-EU (a year ago): FBI Finds 1,580 Bitcoin in Crypto Wallets Linked to North Korean Hackers
CERT-EU (a year ago): North Korea’s Lazarus hackers behind recent crypto heists: FBI
CERT-EU (a year ago): Malware Unleashed: Public Sector Hit in Sudden Surge, Reveals New Report
ESET (a year ago): Linux malware strengthens links between Lazarus and the 3CX supply‑chain attack | WeLiveSecurity
CSO Online (2 years ago): Lazarus group infiltrated South Korean finance firm twice last year
CERT-EU (a year ago): North Koreans Attempt to Phish Euler Exploiter of $200M in Crypto, Experts Say | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker – National Cyber Security Consulting
MITRE (2 years ago): Lazarus Targets Latin American Financial Companies
Securityaffairs (a year ago): The US government sanctioned four entities and one individual for supporting cyber operations conducted by North Korea