APT Group Lazarus: North Korea captured $630 million

According to a UN expert report, North Korea was able to capture a record amount of money in 2022 through cyber attacks by the APT group Lazarus. North Korean cybercriminals are believed to have stolen at least $630 million.

The sanctioned country uses the money mainly to finance its nuclear and missile programs. The state group Lazarus, among others, is held responsible for the cyber attacks. In public reporting, the Lazarus Group is often used as a generic term for numerous North Korean cyber actors. A blog post by Mandiant provides detailed insights into the various institutions within the hermit state, helping to understand how actors evolve and share resources.

Many APT groups are lumped together

TEMP.Hermit, APT38 and Andariel are probably subordinate to Lab 110. Lab 110 is likely an expanded and reorganized version of Bureau 121, often referred to as North Korea's primary hacking unit. Lab 110 includes some elements most closely associated with the organization publicly reported as the "Lazarus Group." Open source reporting often uses the Lazarus Group title as an umbrella term and refers to numerous clusters that we track separately. Although TEMP.Hermit is most commonly aligned with Lazarus Group reporting, researchers and open sources often lump all three of these actor groups — and sometimes even all North Korean APTs — together simply as the “Lazarus Group.”

Targets of North Korean cyber criminals

“Despite the fluctuations in the crypto market, North Korea remains committed to targeting these assets. These actors are involved in a variety of fraudulent methods to raise money and funnel it into the regime's coffers. Some intruders focus purely on raising money. Others primarily collect intelligence information and target cryptocurrencies to fund their operations. Both businesses and high net worth individuals are targets of the attacks, which are constantly evolving and often go unnoticed.” – John Hultquist, Head of Client Threat Intelligence at Google Cloud.

More at Mandiant.com

About Mandiant

Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident response. With decades of experience on the cyber frontline, Mandiant helps organizations confidently and proactively defend against cyber threats and respond to attacks. Mandiant is now part of Google Cloud.
