Who are The Lazarus Group?

Credit: Fotoknips | Dreamstime.com

If you’ve looked beyond the headlines of recent cyber-attacks, you might have seen or heard of or about something called “Lazarus” or “The Lazarus Group”.

Here’s a quick rundown of everything you need to know about them, or at least what we know about them based on publicly released research by cybersecurity giants McAfee, Symantec and Kaspersky.

Who are the Lazarus Group?

The Lazarus Group are a group of cyber-criminals that some security experts believe are native to, or at-least based out of, North Korea. Some organizations have even taken this a step further and accused the group of being a state-backed one. However, others are more skeptical about this detail.

Speaking to Phys.org in 2014, James Scott, a senior fellow at the Institute for Critical Infrastructure Technology, insisted that "There is no conclusive evidence that Lazarus is state-sponsored.”

What have they been responsible for?

The Lazarus Group have been responsible for some of the biggest cyberattacks in recent history. They are believed to have been responsible for 2014’s Sony hack and they’re also believed to be connected to the theft of US$81 million from the Central Bank of Bangladesh in 2016.

According to Symantec, they may well have also been responsible for last year’s Wannacry ransomware outbreak.

In a recent security report, Symantec noted that “aside from commonalities in the tools used to spread WannaCry, there are also a number of links between WannaCry itself and Lazarus.” They say that WannaCry “shares some code with Backdoor.Contopee, malware that has previously been linked to Lazarus” and that “ One variant of Contopee uses a custom SSL implementation, with an identical cipher suite, which is also used by WannaCry.”

A timeline of recent Lazarus activity assembled by Kaspersky can be seen below.

Credit: Kaspersky

Will they strike again?

Almost certainly.

“We’re sure they’ll come back soon. In all, attacks like the ones conducted by Lazarus group show that a minor misconfiguration may result in a major security breach, which can potentially cost a targeted business hundreds of millions of dollars in loss. We hope that chief executives from banks, casinos and investment companies around the world will become wary of the name Lazarus,” said Vitaly Kamluk, Head of Global Research and Analysis Team APAC at Kaspersky Lab.

According to a recent research report by McAfee, the group is said to be pivoting towards mobile-driven malware. In 2017, they wrote that “The McAfee Mobile Research team has identified a new threat—Android malware that poses as a legitimate app available from Google Play and targets South Korean users—that suggests a deviation from the traditional playbook.”

“An analysis of campaign code, infrastructure, and tactics and procedures suggests the Lazarus group is responsible, as they evolve their attack tactics to now operate within the mobile platform. And although the debate regarding attribution of attacks will always rage, documenting evolving tactics by threat actor groups allows organizations and consumers to adapt their defenses accordingly.”

They go on to say that “evolving attacks onto the mobile platform are likely to continue, and this appears to be the first example of the Lazarus group using mobile. Such a change, therefore, is significant, demonstrating that criminals are keeping up with platform popularity”

Credit: Samorn Tarapan | Dreamstime.com

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags hackerscyber-crimeLazarus Group

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Fergus Halliday
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?