North Korea has returned to the cybersecurity headlines through its ties to the Lazarus Group, which has carried out yet another successful cyber heist. This time the infamous Lazarus Group, widely believed to be a North Korean state-sponsored hacking group that formed sometime between 2007 and 2009, stole roughly $100 million in cryptocurrency from Harmony.
Believe it or not, this is not even the most famous heist by this mysterious group: it has also been implicated in the attack on Sony Pictures and in the WannaCry ransomware outbreak. So why is the Lazarus Group so successful? Let's find out below.
The Lazarus group: how dangerous is it?
Computer security has become one of the most critical areas of recent years. We have more and more connected devices, but we have paid little attention to protecting them, and this is true not only of individual users but of companies as well. That is why attacks are becoming more frequent and more powerful.
Among the groups that attack businesses, the name Lazarus (also referred to as DarkSeoul, Guardians of Peace and Hidden Cobra) has gained particular prominence.
This mysterious group of hackers is behind some of the most successful and destructive computer attacks of recent years. The UK's National Cyber Security Centre (NCSC), the NSA and the FBI all place it at the top of their lists of threats to national security. What little is known about its members is that they are most likely based in North Korea, the most isolated country in the world.
What are some of the Lazarus Group’s most infamous attacks?
Its first known attack, "Operation Flame", took place in 2007 and used first-generation malware against the South Korean government. "Operation Troy" followed between 2009 and 2012. Both campaigns were rudimentary: the group took down South Korean government websites with denial-of-service attacks, simply flooding their servers with requests.
In March 2011 the group launched "Ten Days of Rain", a more sophisticated DDoS campaign targeting media, financial and critical-infrastructure organizations in South Korea. Critical infrastructure has always been a prime target for attackers because of its importance to day-to-day operations.
The attack on Sony Pictures
The infamous attack on Sony Pictures took place in 2014 and brought the group onto the world stage. For a time it was considered one of the biggest incidents in the history of cybercrime.
During the attack, the Lazarus Group stole confidential company information, exposed private correspondence between executives, producers and actors, and even leaked unreleased footage. The attack was launched in retaliation for the release of the film "The Interview", which portrays Kim Jong-un in a mocking way.
Attacks on banks and cryptocurrencies
In 2015 the Lazarus Group also began attacking banks around the world, starting with Banco del Austro in Ecuador and Tien Phong Bank in Vietnam. It also attempted attacks on banks in Poland, Chile and Mexico. In 2016 the group's banking attacks became more sophisticated, and it managed to steal $81 million from the Bangladesh Bank. In 2017 it also attempted to steal $60 million from a Taiwanese bank.
Now the Lazarus Group is focusing on cryptocurrency. Its largest earlier attacks in this area hit South Korean holders of Bitcoin and Monero, and the theft from Harmony is the latest step in that shift.
Is the Lazarus group made up of North Korean hackers?
Although this has never been proven, as with most cyberattacks, experts are highly confident that the group operates with the financial support and at the direction of the North Korean government. That would explain the Sony Pictures attack and the group's constant fixation on South Korean infrastructure and institutions.
The truth is that we know very little about the group. It is unclear whether its members are North Korean cyber-soldiers or international hackers hired by North Korea; in any case they remain anonymous, although one thing is certain: they work as a very effective team.
There is even a theory that the group has nothing to do with North Korea, and that the North Korean trail is simply a way of distracting from its true origin. Still, the US and UK have both formally blamed North Korea for the group's actions in the past, something they would be unlikely to do without evidence.
How does the Lazarus group attack?
Lazarus Group attacks have gone from crude to sophisticated, with each operation designed to extract the maximum from every action. Although the group started out in an amateurish way against South Korea, it has grown into a highly professional and dangerous organization with more specific monetary goals.
The NSA, the FBI and even the Russian cybersecurity firm Kaspersky Lab have investigated the group's financial attacks and modus operandi. The hackers typically compromise a single system inside a bank and use it as a foothold from which to infiltrate the rest of the organization.
After the initial infection, the group spends several weeks studying the target's systems, a standard tactic in cyber operations (USCYBERCOM works in much the same way). Once the group has fully mapped the target organization and collected enough data, it begins moving the money. That weeks-long reconnaissance phase is also the window in which defenders have the best chance of spotting the intrusion before any money leaves.
While the group's banking attacks are the most notorious, its hackers also target casinos, cryptocurrency firms and investment firms. Some of its favorite target countries are South Korea, Mexico, Costa Rica, Brazil, Uruguay, Chile, Poland, India and Thailand.
Due to famines, sanctions and failed economic policies, North Korea's currency has steadily declined over recent decades. While Kim Jong-il (father of the current leader, Kim Jong-un) focused on extracting concessions from the world through threats and provocations in order to secure international aid and ease sanctions, his son has preferred to redirect the North Korean military and population toward generating income abroad.
This helps North Korea obtain foreign currency to fund its military and its research and development of weapons of mass destruction, and in a way to strengthen its currency and economy. Kim Jong-un has many ways of generating income overseas: hiring out North Koreans as cheap labor, sending doctors and military advisers abroad for a fee, selling weapons, and using hackers to steal money.
Initially, the North Korean hacker army (as the group is sometimes called) mainly carried out disruptive operations against enemies of the state. But when Kim Jong-il died in 2011, Kim Jong-un changed policy, and the hackers shifted their efforts to robbing banks and building ransomware. This is why, until 2011, the Lazarus Group was still mainly attacking South Korean government sites and infrastructure.
Could this be just the start?
The Lazarus Group has grown from a hobbyist outfit into a well-funded and capable state-sponsored hacking group. Since its founding, its attacks have only become more devastating and more complex, and so far no one has been able to prosecute its members. With no repercussions and with the protection of the North Korean state, it seems this group can only grow and become even more dangerous, but only time will tell.