Lazarus group and the DPRK

A billion-dollar bank heist, the largest ransomware attack of all time, and the single largest crypto heist of all time. What do all these have in common? According to some in the cybersecurity industry there is one connecting factor –– The Lazarus Group.

In a journal article titled, The Lazarus Group: The Cybercrime Syndicate Financing the North Korea State, the author explains how hackers in North Korea have stolen north of two-billion dollars and have crippled thousands of computers. The Lazarus Group as described in the journal is –– “they are a collective of North Korean cybercriminals…they serve the North Korean state, mostly undertaking acts of espionage and hacking financial institutions” (Park, “Lazarus) These hackers are responsible for undertaking hacks on the behalf of the Democratic People’s Republic of Korea (DPRK) both for financial gains and political gains. Profits from the actions of these hackers are then used to fund the North Korean state as it is heavily sanctioned by the United States and its allies. Over the course of hacks committed by the Lazarus group they have targeted hundreds of foreign companies and have stolen intellectual property for vaccines, weapons, and technology as well as billions of dollars in cash assets. Some of these institutions include Sony Pictures, the Bangladesh Bank, Pfizer, KuCoin exchange, and AstraZeneca. For the DPRK these are the perfect heist as it is hard to seek attribution and retribution for cyber-attacks –– “Cybercrime is a low risk high reward enterprise. Millions can be stolen, and attribution is often difficult, with retribution highly delayed” (Park, “Lazarus) It seems that for the DPRK cybercrime is the perfect crime. Additionally, foreign countries often do not want to escalate tensions over an issue such as cybercrime, even if they are able to attribute it to North Korea. It seems that this is an issue that will be hard to fight given the current posture to foreign cybercrimes and the difficulty in attribution.