Lazarus Group
Lazarus Group (also known as Guardians of Peace or Whois Team) is a cybercrime group made up of an unknown number of individuals run by the government of North Korea. While not much is known about the Lazarus Group, researchers have attributed many cyberattacks to them between 2010 and 2021. Originally a criminal group, the group has now been designated as an advanced persistent threat due to intended nature, threat, and wide array of methods used when conducting an operation. Names given by cybersecurity organizations include Hidden Cobra (used by the United States Department of Homeland Security to refer to malicious cyber activity by the North Korean government in general) and ZINC or Diamond Sleet (by Microsoft). According to North Korean defector Kim Kuk-song, the unit is internally known in North Korea as 414 Liaison Office.
라자루스 조직 | |
| Formation | c. 2009 |
|---|---|
| Type | Advanced persistent threat |
| Purpose | Cyberespionage, cyberwarfare |
Region | Potonggang District, Pyongyang, North Korea |
| Methods | Zero-days, spearphishing, malware, disinformation, backdoors, droppers |
Official language | Korean |
Parent organization | Reconnaissance General Bureau Korea Computer Center Nonserviam Cyber Warfare Command |
| Affiliations | Bureau 121, Unit 180, AndAriel |
Formerly called | APT38 Gods Apostles Gods Disciples Guardians of Peace ZINC Whois Team Hidden Cobra |
The Lazarus Group has strong links to North Korea. The United States Department of Justice has claimed the group is part of the North Korean government's strategy to "undermine global cybersecurity ... and generate illicit revenue in violation of ... sanctions". North Korea benefits from conducting cyber operations because it can present an asymmetric threat with a small group of operators, especially to South Korea.