North Korea is back in the cybersecurity headlines because of its ties to the Lazarus Group, which has carried out yet another successful cyber heist. This time the infamous Lazarus Group—widely suspected to be a North Korean state-sponsored hacking group, founded somewhere between 2007 and 2009—stole 100 million dollars’ worth of Harmony cryptocurrency.
Believe it or not, this is not the group’s most famous heist: it has already been linked to the attack on Sony and to malware such as WannaCry. So why is the Lazarus Group so successful? Let’s find out below.
The Lazarus Group: How Dangerous Is It?
Computer security has become one of the most hotly debated fields in recent years. We own ever more connected devices but have done little to protect them, and this is true not only of individual users but also of companies. That is why attacks are becoming more frequent and more powerful.
Among the groups that attack corporations, the name Lazarus (also referred to as DarkSeoul, Guardians of Peace, and Hidden Cobra) has acquired particular prominence.
This mysterious group of hackers is behind some of the most successful and destructive computer attacks in recent years. The UK’s National Cyber Security Centre (NCSC), the NSA, and the FBI place this group high on the list of dangerous entities to national security. And what little is known about them is that the members are probably based in North Korea, the most isolated nation worldwide.
What Are Some of the Lazarus Group’s Most Infamous Attacks?
Its first attack was known as “Operation Flame.” It was carried out in 2007 and used first-generation malware against the South Korean government. “Operation Troy” followed between 2009 and 2012. Both attacks were basic in complexity: the group took down South Korean government websites by flooding their servers with requests, a denial-of-service technique.
In March 2011, the group launched “Ten Days of Rain,” which turned out to be a more sophisticated DDoS attack that targeted media, financial and critical infrastructure in South Korea. Critical infrastructure has always been a favorite target for hackers due to its importance to everyday activities.
The Sony Pictures Attack
The infamous attack on Sony Pictures came in 2014, which brought the group to the world stage. For a time, this attack was considered one of the largest in the history of cybercrime.
During the attack, the Lazarus Group stole confidential information from the company, exposed confidential correspondence between levels of direction, production, and acting, and even leaked unreleased movies. The attacks were launched in retaliation for the release of the film “The Interview,” which portrays Kim Jong-un in a silly manner.
Attacks on Banks and Cryptocurrencies
In 2015, the Lazarus Group also started attacking banks worldwide, including banks in Ecuador and Vietnam: Banco del Austro and Tien Phong Bank. It has also attempted attacks on banks in Poland, Chile, and Mexico. In 2016, the group’s bank attacks became more sophisticated, and it managed to steal 81 million dollars from the Bank of Bangladesh. In 2017, it also tried to steal 60 million dollars from a Taiwanese bank.
Now the Lazarus Group is focusing on cryptocurrency. Its most prominent attack in this area affected South Korean owners of Bitcoin and Monero, and the Harmony heist continues that focus.
Is the Lazarus Group Comprised of North Korean Hackers?
Although it has never been proven, as is the case with most cyber-attacks, experts are very confident that the group operates with the financial support and at the direction of the North Korean government. This would explain the Sony Pictures attack and the group’s constant fixation on South Korean infrastructure and institutions.
The truth is that we know very little about the group. It is unknown whether its members are North Korean cyber soldiers or simply international hackers hired by North Korea. In any case, the identities of the members remain anonymous, although one thing is certain: they work as a very effective team.
There is even a theory that the group has nothing to do with North Korea and that the North Korean connection is simply a way to draw attention away from its real origin. Still, it is worth noting that the US and the UK have blamed North Korea for the group’s actions in the past.
How Does the Lazarus Group Attack?
The Lazarus Group’s attacks have gone from crude to sophisticated, and from attacking for the sake of damage to extracting the most benefit possible from each action. Although the group started in a very amateur way against South Korea, it has become a very professional and dangerous organization with more specific monetary objectives.
The NSA, the FBI, and even the Russian cybersecurity firm Kaspersky Labs have investigated the group’s financial attacks and modus operandi. The hackers usually compromise a single system within a bank and use it as a foothold from which to infiltrate the entire organization.
After the initial infection, the group spends several weeks investigating the target’s systems, a standard tactic in cyber warfare (US Cyber Command, USCYBERCOM, operates similarly). Once the group has fully mapped the target organization and gathered enough data, it starts stealing money.
While the group’s bank attacks are the most notorious, its hackers also attack casinos, cryptocurrency businesses, and investment companies. Some of its favorite target countries are South Korea, Mexico, Costa Rica, Brazil, Uruguay, Chile, Poland, India, and Thailand.
Due to famines, sanctions, and failed economic policies, North Korea’s currency has consistently dropped during the last decades. While Kim Jong-il (the father of the current leader, Kim Jong-un) focused on holding the world for ransom through attacks and threats to acquire international aid and ease sanctions, his son preferred to re-direct the North Korean military and population to generate income from abroad.
This helps North Korea gain foreign currency to support its military and weapons of mass destruction research and development and, in a way, strengthen its currency and economy. There are many ways that Kim Jong-un generates income from abroad; for example, he leases North Koreans as cheap labor, sends doctors and military advisors abroad for a price, sells weapons, and uses hackers to steal money.
Initially, North Korea’s hacker army (as the group is sometimes called) mainly carried out disruptive operations against enemies of the state. But when Kim Jong-il died in 2011, Kim Jong-un changed policy, and the hackers now put most of their effort into robbing banks and creating ransomware. That is why, until 2011, the Lazarus Group was still attacking South Korean government sites and infrastructure.
Could This Just Be the Beginning?
The Lazarus Group has transformed from an amateur outfit into a well-funded and capable state-sponsored hacking group. Since its foundation, its attacks have only become more devastating and more complex, and so far no one has been able to prosecute its members. Without repercussions, and with North Korean state protection, the group seems poised to grow and become even more dangerous, but only time will tell.