Lazarus

  • First known sample

  • Discovery

  • Number of targets

  • Current status

  • Type

    Cyberespionage toolkit
  • Targeted platforms

  • TOP targeted countries

    Brazil, China, India, Indonesia, Iran, Iraq, Malaysia, Mexico, Poland, Russia, Saudi Arabia, South Korea, Taiwan, Thailand, Turkey, USA, Vietnam

  • The way of propagation

    Watering hole attacks
  • Purpose/Functions

    Cyberespionage, Cybersabotage
  • Special features

    Anti-forensics, HDD wiper, SWIFT Alliance software tampering, multi-stage loaders, false flag operations.

  • Targets

    Financial institutions, Government entities, Military
  • Artefacts/Attribution

    Of the samples in the Lazarus group reference set compiled by our partner Novetta, just over 60% (61.9%) have at least one PE resource with a Korean locale or language. A North Korean IP was involved in at least two operations against banks in Europe in 2017.

  • Description

    An APT actor that has been active since at least 2009. This group is believed to be responsible for numerous multifaceted campaigns that include cyberespionage, cyber sabotage, ransomware, and attacks against financial institutions. Originally, the group carried out what seemed to be a geopolitical agenda focused mainly on South Korea. However, it has since moved on to global targets and has begun launching attacks for financial gain.
