State-led hacker attacks are usually attributed to one of the "Big Four": Russia, China, Iran or North Korea. North Korea's early attacks were directed primarily at South Korea, but in recent years Western countries have also become targets of its financially motivated and espionage-related operations.
Based on current research, Mandiant has compiled an overview of North Korean hacking groups and describes their connection to the North Korean government. Historically, most North Korean cyberattacks have been attributed to the notorious Lazarus group. New research suggests that North Korea's government operates several distinct cyber entities that have recently been actively regrouped.
Bureau 325 as a multi-assault force
Among other things, the report examines in more detail the recently founded hacker group "Bureau 325", whose importance has grown rapidly. It is referred to as North Korea's "Swiss Army Knife". Michael Barnhart, Principal Analyst at Mandiant, comments on Bureau 325:
“The activities of the Bureau 325 group have developed significantly in a short period of time. They now range from trying to get information about the COVID-19 vaccine to crypto heists to stealing nuclear trade secrets. This suggests that "Bureau 325" is North Korea's new "all-star squad." We assume that there are several sub-units within the group, each with their own areas of specialization.
Lazarus only part of the attack force
The restructuring shows that North Korea wants to become as good as China when it comes to cyber threats. Their cyber units are extremely mobile now that they have consolidated. This is a dangerous group, and security teams need to learn how to protect their organizations from it, because we expect to see more from this hacker group.”
More at Mandiant.com
About Mandiant
Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident response. With decades of experience on the cyber frontline, Mandiant helps organizations confidently and proactively defend against cyber threats and respond to attacks. Mandiant is now part of Google Cloud.