All the Hacks Attributed to the North Korean Lazarus Group
If you’ve been investing in or following cryptocurrency for a while, then it is inevitable that you have come across a famous hacking group known as Lazarus. While it isn’t certain just how many hacks they have been involved in, many have been attributed to this group.
In this article, we are going to take a deep dive into all of the hacks attributed to the Lazarus group in North Korea. So grab a drink and settle in because it’s a long one!
1. Operation Troy (2009)
It’s unclear when precisely this group began operating, but the first attack they are known for is the July 2009 cyberattacks, which targeted several US and South Korean websites with DDoS attacks.
These attacks utilized the Mydoom and Dozer malware and are believed to have targeted three dozen websites in total.
2. 2013 South Korea Cyberattack
On March 20th, 2013, Lazarus launched a complicated DDoS attack against many South Korean financial institutions and media outlets. As this was early in Lazarus’ list of attacks, it did not become clear until much later that they were the ones behind this fateful day.
3. 2014 Sony Breach
On November 24th, 2014, Lazarus hacked Sony Pictures, stealing private data and leaking it to the public over several days. They even gave an interview, stating that they had been stealing the data for several years prior, but the validity of the interview was never fully confirmed.
The information stolen included unreleased films, scripts, plans for future films, and private information belonging to the company’s 4,000 employees.
4. Operation Blockbuster (2016)
From their inception until 2016, Lazarus spent a lot of time infecting various websites and software with malware. This culminated in 2016, when a group of security companies got together and began taking apart the code of the discovered malware.
The malware was connected to Lazarus through code matching: the group had reused code from its earlier malware in the attacks on new targets.
5. 2016 Bangladesh Bank Cyber Heist
Lazarus made worldwide news for the first time in 2016 when hackers belonging to the group were able to breach SWIFT security protocols and transfer over $1 billion USD from the Federal Reserve (from an account belonging to the Bangladesh Bank) to themselves.
The money was divided, and then routed through various countries. While the Federal Reserve was able to block several of the later transactions, the hackers still made off with over $202 million USD.
6. WannaCry Ransomware Attack (2017)
One of the most famous ransomware attacks of all time, WannaCry, was a cryptoworm that Lazarus managed to get onto the computers of several large global companies. The major organizations affected include the NHS in Britain, Boeing, and several global universities.
It was a ransomware attack, meaning the worm locked files on the computer and demanded a ransom to have them unlocked. The initial ransom was $300, though it doubled every 3 days to pressure victims into paying quickly. In total, the hackers made off with $160,000 before the ransomware was stopped, though the victims’ files were never unlocked.
This attack was considered especially dangerous because it was a worm. Unlike other types of malware, worms spread from computer to computer on their own, without a user needing to click a malicious link. Thus, once a worm is in a system, destruction ensues. In total, WannaCry affected 200,000 computers located in over 150 countries.
The worst part about this worm was that the vulnerability it exploited had been discovered by the NSA, which then had that data stolen from its systems. The NSA had alerted Microsoft to the vulnerability that the worm was exploiting, but unfortunately, many companies had yet to update their systems.
7. Cryptocurrency Attacks (2017)
Apparently, for Lazarus, attacking governments became too risky, and they shifted their focus to attacking blockchains in 2017. The blockchains they targeted in 2017 include:
· Coinlink
· Bithumb
· Youbit
· Nicehash
While all of these attacks are attributed to Lazarus, some are not yet confirmed; however, no other group has stepped forward, and the stolen money was linked to North Korean wallets, which supports the attribution.
8. ElectricFish (2019)
In 2019, Lazarus created a new malware named ElectricFish. The exact details of this malware aren’t known, but it is used to steal information and money and has netted Lazarus over $49 million.
9. Pharmaceutical Company Attacks (2020)
During COVID, Lazarus went back to their old ways and targeted pharmaceutical companies using spear-phishing techniques. The hackers would pose as health officials and email malicious links to employees. All pharmaceutical companies were targets, including AstraZeneca, one of the major COVID-19 vaccine providers.
10. Social Engineering Scams (2021-)
Lazarus discovered social engineering scams in 2020 and continued to run them for several years. They created numerous social media profiles on Twitter, GitHub and LinkedIn and began contacting security researchers. Once contact was made, they would send a file infected with malware.
One of these scams was the DeFi Tank Land game, which downloaded malware to the victim’s computer via links sent in Twitter/X DMs.
11. Axie Infinity Attack (2022)
In 2022, Lazarus targeted the online crypto game Axie Infinity, using known vulnerabilities to steal over $620 million.
12. Horizon Bridge Attack (2022)
Lazarus was the group responsible for the theft of $100 million from Harmony’s Horizon Bridge.
13. Atomic Wallet Attack (2023)
In June 2023, $100 million was stolen through an exploited vulnerability in the Atomic Wallet service. The involvement of Lazarus has been confirmed by the FBI.
14. Stake.com Hack (2023)
In late 2023, Lazarus turned their sights to gaming platforms and stole $41 million in cryptocurrency from the famous Stake.com. This has also been confirmed by the FBI, based on digital and code signatures left during the theft.
Unfortunately, Lazarus hasn’t stopped there, and there are currently many investigations into hacks in 2024, several of which are reportedly connected to the group. Although the investigations are ongoing, it is known that Lazarus has made off with over $3 billion over the years in which they have been active.