Who are The Lazarus Group?

Credit: Fotoknips | Dreamstime.com

If you’ve looked beyond the headlines of recent cyber-attacks, you might have seen or heard of or about something called “Lazarus” or “The Lazarus Group”.

Here’s a quick rundown of everything you need to know about them, or at least what we know about them based on publicly released research by cybersecurity giants McAfee, Symantec and Kaspersky.

Who are the Lazarus Group?

The Lazarus Group are a group of cyber-criminals that some security experts believe are native to, or at-least based out of, North Korea. Some organizations have even taken this a step further and accused the group of being a state-backed one. However, others are more skeptical about this detail.

Speaking to Phys.org in 2014, James Scott, a senior fellow at the Institute for Critical Infrastructure Technology, insisted that "There is no conclusive evidence that Lazarus is state-sponsored.”

What have they been responsible for?

The Lazarus Group have been responsible for some of the biggest cyberattacks in recent history. They are believed to have been responsible for 2014’s Sony hack and they’re also believed to be connected to the theft of US$81 million from the Central Bank of Bangladesh in 2016.

According to Symantec, they may well have also been responsible for last year’s Wannacry ransomware outbreak.

In a recent security report, Symantec noted that “aside from commonalities in the tools used to spread WannaCry, there are also a number of links between WannaCry itself and Lazarus.” They say that WannaCry “shares some code with Backdoor.Contopee, malware that has previously been linked to Lazarus” and that “ One variant of Contopee uses a custom SSL implementation, with an identical cipher suite, which is also used by WannaCry.”

A timeline of recent Lazarus activity assembled by Kaspersky can be seen below.

Credit: Kaspersky

Will they strike again?

Almost certainly.

“We’re sure they’ll come back soon. In all, attacks like the ones conducted by Lazarus group show that a minor misconfiguration may result in a major security breach, which can potentially cost a targeted business hundreds of millions of dollars in loss. We hope that chief executives from banks, casinos and investment companies around the world will become wary of the name Lazarus,” said Vitaly Kamluk, Head of Global Research and Analysis Team APAC at Kaspersky Lab.

According to a recent research report by McAfee, the group is said to be pivoting towards mobile-driven malware. In 2017, they wrote that “The McAfee Mobile Research team has identified a new threat—Android malware that poses as a legitimate app available from Google Play and targets South Korean users—that suggests a deviation from the traditional playbook.”

“An analysis of campaign code, infrastructure, and tactics and procedures suggests the Lazarus group is responsible, as they evolve their attack tactics to now operate within the mobile platform. And although the debate regarding attribution of attacks will always rage, documenting evolving tactics by threat actor groups allows organizations and consumers to adapt their defenses accordingly.”

They go on to say that “evolving attacks onto the mobile platform are likely to continue, and this appears to be the first example of the Lazarus group using mobile. Such a change, therefore, is significant, demonstrating that criminals are keeping up with platform popularity”

Credit: Samorn Tarapan | Dreamstime.com

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags hackerscyber-crimeLazarus Group

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Fergus Halliday
Show Comments

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill


I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?