Lazarus Group

Names given by cybersecurity organizations include Hidden Cobra (used by the United States Department of Homeland Security to refer to malicious cyber activity by the North Korean government in general)[4][5] and ZINC or Diamond Sleet[6] (by Microsoft).

The United States Department of Justice has claimed the group is part of the North Korean government's strategy to "undermine global cybersecurity ... and generate illicit revenue in violation of ...

This was a cyber-espionage campaign that used unsophisticated distributed denial-of-service (DDoS) techniques to target the South Korean government in Seoul.

The volley of attacks struck about three dozen websites and placed the text "Memory of the Independence Day" in the master boot record (MBR)[24].

On that day, a Reddit post appeared stating that Sony Pictures had been hacked via unknown means; the perpetrators identified themselves as the "Guardians of Peace".

The Federal Reserve Bank of New York blocked the remaining thirty transactions, amounting to US$850 million, due to suspicions raised by a misspelled instruction.

The WannaCry attack was a massive ransomware cyberattack on 12 May 2017 that hit institutions across the globe, from the NHS in Britain to Boeing and even universities in China.

Cryptoworms are a class of malware that spreads between computers over the network without requiring any direct user action for infection; in this case, the worm spread by exploiting TCP port 445.

The virus exploited a vulnerability in the Windows operating system, then encrypted the computer's data and demanded a sum of Bitcoin worth roughly $300 in exchange for the decryption key.

To encourage payment, the ransom demand doubled after three days, and if the ransom was not paid within a week, the malware would delete the encrypted data files.

Another unusual aspect of the attack was that the files were not recoverable even after paying the ransom: only $160,000 was collected, leading many to believe that the hackers weren't after the money.

The update was not mandatory, and the majority of vulnerable computers had not installed it by the time May 12 arrived, which explains the astonishing effectiveness of the attack.

In 2018, Recorded Future issued a report linking the Lazarus Group to attacks on Bitcoin and Monero cryptocurrency users, mostly in South Korea.

Youbit, another South Korean Bitcoin exchange company, filed for bankruptcy in December 2017 after 17% of its assets were stolen in a cyberattack, following an earlier attack in April 2017.

Since the beginning of 2019, North Korean agents have attempted five major cyber-thefts worldwide, including a successful $49 million theft from an institution in Kuwait.

Using spear-phishing techniques, Lazarus Group members posed as health officials and contacted pharmaceutical company employees with malicious links.

It is unknown what the Lazarus Group's goal was in these attacks, but the likely possibilities include:

AstraZeneca has not commented on the incident, and experts do not believe any sensitive data has been compromised as of yet.

Some victims who visited the blog post reported that their computers were compromised despite running fully patched versions of the Google Chrome browser, suggesting that the hackers may have used a previously unknown zero-day vulnerability affecting Chrome;[49] however, Google stated that it was unable to confirm the exact method of compromise at the time of the report.

In March 2022, the Lazarus Group was found responsible for stealing $620 million worth of cryptocurrencies from the Ronin Network, a bridge used by the Axie Infinity game.

The FBI confirmed that the North Korean malicious cyber actor group Lazarus (also known as APT38) was responsible for the theft of $100 million of virtual currency from Harmony's Horizon bridge, reported on June 24, 2022.

A report published by the blockchain security platform Immunefi alleged that Lazarus was responsible for over $300 million in losses across crypto hacking incidents in 2023.

In September 2023, the FBI confirmed that a $41 million theft of cryptocurrency from Stake.com, an online casino and betting platform, was perpetrated by the Lazarus Group.

According to Indian media reports, a local cryptocurrency exchange named WazirX was hacked by the group, and $234.9 million worth of crypto assets were stolen.

BlueNorOff (also known as APT38, Stardust Chollima, BeagleBoyz, and NICKEL GLADSTONE[65]) is a financially motivated group responsible for illegal transfers of money carried out by forging SWIFT transfer orders.

They target financial institutions and cryptocurrency exchanges, including over 16 organizations in at least 13 countries[a] between 2014 and 2021: Bangladesh, Chile, India, Mexico, Pakistan, the Philippines, South Korea, Taiwan, Turkey, and Vietnam.

Malware associated with BlueNorOff includes "DarkComet, Mimikatz, Nestegg, Macktruck, WannaCry, Whiteout, Quickcafe, Rawhide, Smoothride, TightVNC, Sorrybrute, Keylime, Snapshot, Mapmaker, net.exe, sysmon, Bootwreck, Cleantoad, Closeshave, Dyepack, Hermes, Twopence, Electricfish, Powerratankba, and Powerspritz".[65] Tactics commonly used by BlueNorOff include phishing, backdoors,[64] drive-by compromise, watering hole attacks, exploitation of insecure out-of-date versions of Apache Struts 2 to execute code on a system, strategic web compromise, and accessing Linux servers.

AndAriel (also spelled Andarial,[68] and also known as Silent Chollima, Dark Seoul, Rifle, and Wassonite[65]) is characterized by its targeting of South Korea.

FBI wanted notice for one of the hackers of the Lazarus Group, Park Jin Hyok