Who are The Lazarus Group?

Credit: Fotoknips | Dreamstime.com

If you’ve looked beyond the headlines of recent cyber-attacks, you might have seen or heard of or about something called “Lazarus” or “The Lazarus Group”.

Here’s a quick rundown of everything you need to know about them, or at least what we know about them based on publicly released research by cybersecurity giants McAfee, Symantec and Kaspersky.

Who are the Lazarus Group?

The Lazarus Group are a group of cyber-criminals that some security experts believe are native to, or at-least based out of, North Korea. Some organizations have even taken this a step further and accused the group of being a state-backed one. However, others are more skeptical about this detail.

Speaking to Phys.org in 2014, James Scott, a senior fellow at the Institute for Critical Infrastructure Technology, insisted that "There is no conclusive evidence that Lazarus is state-sponsored.”

What have they been responsible for?

The Lazarus Group have been responsible for some of the biggest cyberattacks in recent history. They are believed to have been responsible for 2014’s Sony hack and they’re also believed to be connected to the theft of US$81 million from the Central Bank of Bangladesh in 2016.

According to Symantec, they may well have also been responsible for last year’s Wannacry ransomware outbreak.

In a recent security report, Symantec noted that “aside from commonalities in the tools used to spread WannaCry, there are also a number of links between WannaCry itself and Lazarus.” They say that WannaCry “shares some code with Backdoor.Contopee, malware that has previously been linked to Lazarus” and that “ One variant of Contopee uses a custom SSL implementation, with an identical cipher suite, which is also used by WannaCry.”

A timeline of recent Lazarus activity assembled by Kaspersky can be seen below.

Credit: Kaspersky

Will they strike again?

Almost certainly.

“We’re sure they’ll come back soon. In all, attacks like the ones conducted by Lazarus group show that a minor misconfiguration may result in a major security breach, which can potentially cost a targeted business hundreds of millions of dollars in loss. We hope that chief executives from banks, casinos and investment companies around the world will become wary of the name Lazarus,” said Vitaly Kamluk, Head of Global Research and Analysis Team APAC at Kaspersky Lab.

According to a recent research report by McAfee, the group is said to be pivoting towards mobile-driven malware. In 2017, they wrote that “The McAfee Mobile Research team has identified a new threat—Android malware that poses as a legitimate app available from Google Play and targets South Korean users—that suggests a deviation from the traditional playbook.”

“An analysis of campaign code, infrastructure, and tactics and procedures suggests the Lazarus group is responsible, as they evolve their attack tactics to now operate within the mobile platform. And although the debate regarding attribution of attacks will always rage, documenting evolving tactics by threat actor groups allows organizations and consumers to adapt their defenses accordingly.”

They go on to say that “evolving attacks onto the mobile platform are likely to continue, and this appears to be the first example of the Lazarus group using mobile. Such a change, therefore, is significant, demonstrating that criminals are keeping up with platform popularity”

Credit: Samorn Tarapan | Dreamstime.com

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags cyber-crimeLazarus Group

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Fergus Halliday
Show Comments

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Cate Bacon

Aruba Instant On AP11D

The strength of the Aruba Instant On AP11D is that the design and feature set support the modern, flexible, and mobile way of working.

Dr Prabigya Shiwakoti

Aruba Instant On AP11D

Aruba backs the AP11D up with a two-year warranty and 24/7 phone support.

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers


This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang


It really doesn’t get more “gaming laptop” than this.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?