2025-04-16
Ahnlab
March 2025 APT Group Trend Report
#Kimsuky
#Konni
#Lazarus
#Trend
Lazarus
He is everywhere
"Lazarus Group is a threat group that has been attributed to the North Korean government. The group has been active since at least 2009 and was reportedly responsible for the November 2014 destructive wiper attack against Sony Pictures Entertainment as part of a campaign named Operation Blockbuster by Novetta. Malware used by Lazarus Group correlates to other reported campaigns, including Operation Flame, Operation 1Mission, Operation Troy, DarkSeoul, and Ten Days of Rain. In late 2017, Lazarus Group used KillDisk, a disk-wiping tool, in an attack against an online casino based in Central America."
- MITRE, https://attack.mitre.org/groups/G0032/
"Lazarus, Hebrew Eleazar, (“God Has Helped”), either of two figures mentioned in the New Testament. The miraculous story of Lazarus being brought back to life by Jesus is known from the Gospel According to John (11:1–45). Lazarus is also the name given by the Gospel According to Luke (16:19–31) to the beggar in the parable of the rich man and Lazarus."
- Britannica, https://www.britannica.com/biography/Lazarus-biblical-figure
"The Archbishop Lazarus was an ambassador from the Zakarum Church and an advisor to King Leoric."
- DiabloWiki, https://www.diablowiki.net/Lazarus
"Lazarus Group (also known by other monikers such as Guardians of Peace or Whois Team) is a cybercrime group made up of an unknown number of individuals. While not much is known about the Lazarus Group, researchers have attributed many cyberattacks to them over the last decade. Originally a criminal group, the group has now been designated as an advanced persistent threat due to its intended nature, threat, and wide array of methods used when conducting an operation. Names given by cybersecurity firms include HIDDEN COBRA (by the United States Intelligence Community) and Zinc (by Microsoft)."
- Wikipedia, https://en.wikipedia.org/wiki/Lazarus_Group
"Lazarus Group is commonly believed to be run by the North Korean government, motivated primarily by financial gain as a method of circumventing long-standing sanctions against the regime. They first came to substantial media notice in 2013 with a series of coordinated attacks against an assortment of South Korean broadcasters and financial institutions using DarkSeoul, a wiper program that overwrites sections of the victims’ master boot record."
- ETDA, https://apt.etda.or.th/cgi-bin/showcard.cgi?u=41dcfaff-d5f0-484d-8649-ef8c61588eec
"Lazarus is a highly active and highly destructive North Korean state-sponsored APT group whose main objectives are espionage, data theft, financial gain, and cyber sabotage. The group has long conducted intrusion attacks against South Korea, the United States, China, India, and other countries, and also attacks financial institutions worldwide, making it arguably the greatest threat to financial institutions globally. According to reports, Lazarus has previously used various custom remote access tools, including FoggyBrass and PhantomStar. In addition, the group primarily relies on spear-phishing tactics, but has also been observed using social engineering techniques against its targets. The group has been active since 2007; its attack activity surged in 2014 and 2015, and it has launched cyberattacks against more than 30 countries and regions. Well-known operations include Operation GhostSecret, Operation Troy and Operation DarkSeoul against South Korea, and the 2014 attack against Sony. In September 2018, the United States filed criminal charges against three individuals linked to the Lazarus group. From late April to mid-September 2022, the group continued to run social engineering campaigns targeting employees of organizations in media, defense and aerospace, IT services, and other industries in the United States, the United Kingdom, India, Russia, and other countries."
- RedQueen, https://redqueen.tj-un.com/threatOrganizationDetails.html?id=ede3cd4a79764a4aa64305f23e51b4a2
"The Lazarus Group is a nickname for the group of malware authors identified in Operation Blockbuster, a united effort between the company Novetta and a number of other entities. This hacker group has been linked to a number of attacks over the years, including the attack on Sony from 2014."
- IBM, https://exchange.xforce.ibmcloud.com/collection/Actor-Lazarus-Group-0bf5e50d24445f94d6b2d744dc6c63a2
"Dashboard for Lazarus Group"
- ArkhamIntelligence, https://platform.arkhamintelligence.com/explorer/entity/lazarus-group
"Lazarus Group Threat Actor Intelligence Profile"
- Cybergeist, https://cybergeist.io/profile/lazarus-group