
PolySwarm 2022 Recap - Threat Actor Activity Highlights: North Korea

2022-12-21, PolySwarm


Executive Summary
This Threat Bulletin is part of PolySwarm’s 2022 Recap series. This report highlights the activity perpetrated by North Korea-based threat actors in 2022.
Key Takeaways
- This report provides highlights of activity perpetrated by North Korea-based threat actors in 2022.
- Threat actors featured in this report include Lazarus Group, BlueNoroff, Reaper, Andariel, Kimsuky, Gwisin, and H0ly Gh0st.
- PolySwarm tracked malware associated with multiple North Korea-nexus threat actors in 2022.
Lazarus Group
Lazarus Group, also known as Hidden Cobra and Labyrinth Chollima, is a state-sponsored threat actor group likely affiliated with North Korea’s Reconnaissance General Bureau. The group’s members are reportedly trained in Shenyang, China, in malware and espionage operations. Lazarus is known for espionage activity, disruptive activity, and financially motivated attacks. Lazarus Group was extremely active in 2022.
- In early 2022, a Lazarus Group campaign targeting cryptocurrency was brought to light. TTPs used in the campaign included spearphishing, social engineering the victims, …