The Lazarus Group, a threat actor identified as an agency controlled by the North Korean government, has been involved in numerous high-profile cybercrimes. Designated by the Office of Foreign Assets Control (OFAC) on September 13, 2019, the group is notorious for its highly skilled operations. In 2022, the Lazarus Group was responsible for several significant crypto heists, including the Horizon Bridge and Ronin Bridge hacks. Furthermore, tracking of the DeathNote cluster determined that the Lazarus Group is behind this malware strain, which it has used multiple times in various campaigns.
CollectionRAT, although not a novel piece of code, has become another tool in the Lazarus Group's extensive toolbox. Despite offering only the common functionality seen in many malware toolkits, it has been used effectively by the group. The Lazarus Group reportedly moved about $26,000 worth of stolen crypto within 24 hours, demonstrating its continued engagement in illicit activities. The FBI has issued warnings about the group's ongoing activities.
The Lazarus Group has also been implicated in money laundering through the use of cryptomixer Tornado Cash. The United States unveiled charges against a Russian national and a Washington state man for creating, operating, and promoting Tornado Cash, which enabled threat actors like the Lazarus Group to launder more than $1 billion. Despite knowing the Lazarus Group was using their service to launder large amounts of stolen virtual currency for the benefit of the North Korean regime, the founders of Tornado Cash continued to develop and promote the service without taking meaningful steps to reduce its use for illicit purposes.
Description last updated: 2023-09-01T23:17:16.358Z