Lazarus Group Attacks in 2025: Overview for SOC Teams

2025-09-10, AnyRun
https://any.run/cybersecurity-blog/lazarus-group-attacks-2025/
#ContagiousInterview #ITWorker #InvisibleFerret #Lazarus #OtterCookie #PylangGhost

The Lazarus Group, North Korea’s state-sponsored hacking collective, has held the title of the most notorious advanced persistent threat (APT) for almost two decades now. In 2025, it escalated its cyber operations, targeting tech industries with fake IT workers, fraudulent job interviews, and hijacked open-source software.

It’s time to take a closer look at its current activities and see how SOC teams can proactively detect and track the group’s attacks using ANY.RUN’s solutions.

Biggest Lazarus Group Campaigns So Far

Lazarus’s 2025 campaigns combine sophisticated social engineering with supply chain attacks, posing severe risks to businesses’ financial stability, data security, and operational continuity.

North Korean IT Workers

Since 2024, the Lazarus Group has been deploying North Korean operatives who pose as legitimate remote IT workers to infiltrate companies, particularly in the U.S. and UK. Using stolen or AI-enhanced identities, these operatives secure tech roles in order to steal sensitive data, deploy malware, or generate illicit revenue for North Korea.
According to …