Lazarus Group

The Lazarus Group intrusion set was originally identified by Novetta under Operation Blockbuster which attributed the 2014 cyber attack against Sony Pictures Entertainment to the Lazarus Group.

Over time, different researchers have linked the group to multiple attacks globally and as a result the name has become broader in terms of the actor or actors it refers to.

Indictments by the US government have linked Lazarus to the Reconnaissance General Bureau (RGB) which is a military intelligence agency of the Democratic People’s Republic of Korea (DPRK).

web.archive.org

https://web.archive.org/web/20160226161828/https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf

www.justice.gov

https://www.justice.gov/opa/pr/three-north-korean-military-hackers-indicted-wide-ranging-scheme-commit-cyberattacks-and

en.wikipedia.org

https://en.wikipedia.org/wiki/Lazarus_Group

docs.rapid7.com

https://docs.rapid7.com/insightidr/lazarus-group/

ofac.treasury.gov

https://ofac.treasury.gov/recent-actions/20190913

web.archive.org

https://web.archive.org/web/20220307061004/https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-RAT-and-Staging-Report.pdf