Lazarus Group

Lazarus Group
라자루스 조직
Formationc. 2009[1]
TypeAdvanced persistent threat
PurposeCyberespionage, cyberwarfare
Region
Potonggang District, Pyongyang, North Korea
MethodsZero-days, spearphishing, malware, disinformation, backdoors, droppers
Official language
Korean
Parent organization
Reconnaissance General Bureau
Korea Computer Center
Nonserviam Cyber Warfare Command
AffiliationsBureau 121, Unit 180, AndAriel
Formerly called
APT38
Gods Apostles
Gods Disciples
Guardians of Peace
ZINC
Whois Team
Hidden Cobra
Preview warning: Page using Template:Infobox organization with unknown parameter "part of"

The Lazarus Group (also known as Guardians of Peace or Whois Team[1][2][3]) is a hacker group made up of an unknown number of individuals, alleged to be run by the government of North Korea. While not much is known about the Lazarus Group, researchers have attributed many cyberattacks to them since 2010. Originally a criminal group, the group has now been designated as an advanced persistent threat due to intended nature, threat, and wide array of methods used when conducting an operation. Names given by cybersecurity organizations include Hidden Cobra (used by the United States Department of Homeland Security to refer to malicious cyber activity by the North Korean government in general)[4][5] and ZINC or Diamond Sleet[6] (by Microsoft).[7][8][9] According to North Korean defector Kim Kuk-song, the unit is internally known in North Korea as 414 Liaison Office.[10]

The Lazarus Group has strong links to North Korea.[11][12] The United States Department of Justice has claimed the group is part of the North Korean government's strategy to "undermine global cybersecurity ... and generate illicit revenue in violation of ... sanctions".[13] North Korea benefits from conducting cyber operations because it can present an asymmetric threat with a small group of operators, especially to South Korea.[14]

  1. ^ "North Korea Designations; Global Magnitsky Designation". U.S. Department of the Treasury. 2019. LAZARUS GROUP (a.k.a. "APPLEWORM"; a.k.a. "APT-C-26"; a.k.a. "GROUP 77"; a.k.a. "GUARDIANS OF PEACE"; a.k.a. "HIDDEN COBRA"; a.k.a. "OFFICE 91"; a.k.a. "RED DOT"; a.k.a. "TEMP.HERMIT"; a.k.a. "THE NEW ROMANTIC CYBER ARMY TEAM"; a.k.a. "WHOIS HACKING TEAM"; a.k.a. "ZINC"), Potonggang District...
  2. ^ "Lazarus Group | InsightIDR Documentation". Rapid7. Andariel, Appleworm, APT-C-26, APT38, Bluenoroff, Bureau 121, COVELLITE, Dark Seoul, GOP, Group 77, Guardian of Peace, Guardians of Peace, Hastati Group, HIDDEN COBRA, Labyrinth Chollima, Lazarus, NewRomantic Cyber Army Team, NICKEL ACADEMY, Operation AppleJesus, Operation DarkSeoul, Operation GhostSecret, Operation Troy, Silent Chollima, Subgroup: Andariel, Subgroup: Bluenoroff, Unit 121, Whois Hacking Team, WHOis Team, ZINC
  3. ^ "NICKEL ACADEMY | Secureworks". secureworks.com. Black Artemis (PWC), COVELLITE (Dragos), CTG-2460 (SCWX CTU), Dark Seoul, Guardians of Peace, HIDDEN COBRA (U.S. Government), High Anonymous, Labyrinth Chollima (CrowdStrike), New Romanic Cyber Army Team, NNPT Group, The Lazarus Group, Who Am I?, Whois Team, ZINC (Microsoft)
  4. ^ "HIDDEN COBRA – North Korea's DDoS Botnet Infrastructure | CISA". us-cert.cisa.gov. CISA. 2017.
  5. ^ "Lazarus Group, HIDDEN COBRA, Guardians of Peace, ZINC, NICKEL ACADEMY, Group G0032 | MITRE ATT&CK®". MITRE ATT&CK. MITRE Corporation.
  6. ^ "How Microsoft names threat actors". Microsoft. Retrieved 21 January 2024.
  7. ^ "Microsoft and Facebook disrupt ZINC malware attack to protect customers and the internet from ongoing cyberthreats". Microsoft on the Issues. 2017-12-19. Retrieved 2019-08-16.
  8. ^ "FBI thwarts Lazarus-linked North Korean surveillance malware". IT PRO. 13 May 2019. Retrieved 2019-08-16.
  9. ^ Guerrero-Saade, Juan Andres; Moriuchi, Priscilla (January 16, 2018). "North Korea Targeted South Korean Cryptocurrency Users and Exchange in Late 2017 Campaign". Recorded Future. Archived from the original on January 16, 2018.
  10. ^ "Drugs, arms, and terror: A high-profile defector on Kim's North Korea". BBC News. 2021-10-10. Retrieved 2021-10-11.
  11. ^ "Who is Lazarus? North Korea's Newest Cybercrime Collective". www.cyberpolicy.com. Retrieved 2020-08-26.
  12. ^ Beedham, Matthew (2020-01-09). "North Korean hacker group Lazarus is using Telegram to steal cryptocurrency". Hard Fork | The Next Web. Retrieved 2020-08-26.
  13. ^ Cite error: The named reference :11 was invoked but never defined (see the help page).
  14. ^ "BBC World Service - The Lazarus Heist, 10. Kill switch". BBC. 20 June 2021. Retrieved 2022-04-21.