Lazarus Group

2017-05-31, MITRE
https://attack.mitre.org/groups/G0032/
#G0032

Lazarus Group is a North Korean state-sponsored cyber threat group that has been attributed to the Reconnaissance General Bureau.[1][2] The group has been active since at least 2009 and was reportedly responsible for the November 2014 destructive wiper attack against Sony Pictures Entertainment, part of a campaign that Novetta named Operation Blockbuster. Malware used by Lazarus Group correlates with other reported campaigns, including Operation Flame, Operation 1Mission, Operation Troy, DarkSeoul, and Ten Days of Rain.[3]
North Korean group definitions are known to have significant overlap, and some security researchers report all North Korean state-sponsored cyber activity under the name Lazarus Group instead of tracking clusters or subgroups, such as Andariel, APT37, APT38, and Kimsuky.
|Name|Description|
|---|---|
|Labyrinth Chollima| |
|HIDDEN COBRA|The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.[1][5]|
|Guardians of Peace| |
|ZINC| |
|NICKEL ACADEMY| |
|Domain|ID|Name|Use|
|---|---|---|---|
|Enterprise|T1134.002|Access Token Manipulation: Create Process with Token|Lazarus Group keylogger KiloAlfa obtains user tokens from interactive sessions …|