Lazarus Group - Wikipedia
<!DOCTYPE html> <html class="client-nojs vector-feature-language-in-header-enabled vector-feature-language-in-main-page-header-disabled vector-feature-sticky-header-disabled vector-feature-page-tools-pinned-disabled vector-feature-toc-pinned-clientpref-1 vector-feature-main-menu-pinned-disabled vector-feature-limited-width-clientpref-1 vector-feature-limited-width-content-enabled vector-feature-custom-font-size-clientpref-1 vector-feature-appearance-pinned-clientpref-1 vector-feature-night-mode-enabled skin-theme-clientpref-day vector-toc-available" lang="en" dir="ltr"> <head> <meta charset="UTF-8"> <title>Lazarus Group - Wikipedia</title> <meta name="generator" content="MediaWiki 1.44.0-wmf.4"> <link rel="canonical" href="https://en.wikipedia.org/wiki/Lazarus_Group"> <link rel="license" href="https://creativecommons.org/licenses/by-sa/4.0/deed.en"> </head> <body class="skin--responsive skin-vector skin-vector-search-vue mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-0 ns-subject mw-editable page-Lazarus_Group rootpage-Lazarus_Group skin-vector-2022 action-view"> <div class="mw-page-container"> <div class="mw-page-container-inner"> <div class="mw-content-container"> <main id="content" class="mw-body"> <header class="mw-body-header vector-page-titlebar"> <h1 id="firstHeading" class="firstHeading mw-first-heading"><span class="mw-page-title-main">Lazarus Group</span></h1> <div id="p-lang-btn" class="vector-dropdown mw-portlet mw-portlet-lang" > <input type="checkbox" id="p-lang-btn-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-p-lang-btn" class="vector-dropdown-checkbox mw-interlanguage-selector" aria-label="Go to an article in another language. 
Available in 18 languages" > <label id="p-lang-btn-label" for="p-lang-btn-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--action-progressive mw-portlet-lang-heading-18" aria-hidden="true" ><span class="vector-icon mw-ui-icon-language-progressive mw-ui-icon-wikimedia-language-progressive"></span> <span class="vector-dropdown-label-text">18 languages</span> </label> <div class="vector-dropdown-content"> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li class="interlanguage-link interwiki-af mw-list-item"><a href="https://af.wikipedia.org/wiki/Lasarus-groep" title="Lasarus-groep – Afrikaans" lang="af" hreflang="af" data-title="Lasarus-groep" data-language-autonym="Afrikaans" data-language-local-name="Afrikaans" class="interlanguage-link-target"><span>Afrikaans</span></a></li><li class="interlanguage-link interwiki-ar mw-list-item"><a href="https://ar.wikipedia.org/wiki/%D9%85%D8%AC%D9%85%D9%88%D8%B9%D8%A9_%D9%84%D8%A7%D8%B2%D8%A7%D8%B1%D9%88%D8%B3" title="مجموعة لازاروس – Arabic" lang="ar" hreflang="ar" data-title="مجموعة لازاروس" data-language-autonym="العربية" data-language-local-name="Arabic" class="interlanguage-link-target"><span>العربية</span></a></li><li class="interlanguage-link interwiki-bn mw-list-item"><a href="https://bn.wikipedia.org/wiki/%E0%A6%B2%E0%A6%BE%E0%A6%9C%E0%A6%BE%E0%A6%B0%E0%A6%BE%E0%A6%B8_%E0%A6%97%E0%A7%8D%E0%A6%B0%E0%A7%81%E0%A6%AA" title="লাজারাস গ্রুপ – Bangla" lang="bn" hreflang="bn" data-title="লাজারাস গ্রুপ" data-language-autonym="বাংলা" data-language-local-name="Bangla" class="interlanguage-link-target"><span>বাংলা</span></a></li><li class="interlanguage-link interwiki-cs mw-list-item"><a href="https://cs.wikipedia.org/wiki/Lazarus_Group" title="Lazarus Group – Czech" lang="cs" hreflang="cs" data-title="Lazarus Group" data-language-autonym="Čeština" data-language-local-name="Czech" 
class="interlanguage-link-target"><span>Čeština</span></a></li><li class="interlanguage-link interwiki-de mw-list-item"><a href="https://de.wikipedia.org/wiki/Lazarus-Gruppe" title="Lazarus-Gruppe – German" lang="de" hreflang="de" data-title="Lazarus-Gruppe" data-language-autonym="Deutsch" data-language-local-name="German" class="interlanguage-link-target"><span>Deutsch</span></a></li><li class="interlanguage-link interwiki-et mw-list-item"><a href="https://et.wikipedia.org/wiki/Lazarus_Group" title="Lazarus Group – Estonian" lang="et" hreflang="et" data-title="Lazarus Group" data-language-autonym="Eesti" data-language-local-name="Estonian" class="interlanguage-link-target"><span>Eesti</span></a></li><li class="interlanguage-link interwiki-es mw-list-item"><a href="https://es.wikipedia.org/wiki/Lazarus_Group" title="Lazarus Group – Spanish" lang="es" hreflang="es" data-title="Lazarus Group" data-language-autonym="Español" data-language-local-name="Spanish" class="interlanguage-link-target"><span>Español</span></a></li><li class="interlanguage-link interwiki-fr mw-list-item"><a href="https://fr.wikipedia.org/wiki/Groupe_Lazarus" title="Groupe Lazarus – French" lang="fr" hreflang="fr" data-title="Groupe Lazarus" data-language-autonym="Français" data-language-local-name="French" class="interlanguage-link-target"><span>Français</span></a></li><li class="interlanguage-link interwiki-ko mw-list-item"><a href="https://ko.wikipedia.org/wiki/%EB%9D%BC%EC%9E%90%EB%A3%A8%EC%8A%A4_%EA%B7%B8%EB%A3%B9" title="라자루스 그룹 – Korean" lang="ko" hreflang="ko" data-title="라자루스 그룹" data-language-autonym="한국어" data-language-local-name="Korean" class="interlanguage-link-target"><span>한국어</span></a></li><li class="interlanguage-link interwiki-he mw-list-item"><a href="https://he.wikipedia.org/wiki/%D7%A7%D7%91%D7%95%D7%A6%D7%AA_%D7%9C%D7%96%D7%90%D7%A8%D7%95%D7%A1" title="קבוצת לזארוס – Hebrew" lang="he" hreflang="he" data-title="קבוצת לזארוס" data-language-autonym="עברית" 
data-language-local-name="Hebrew" class="interlanguage-link-target"><span>עברית</span></a></li><li class="interlanguage-link interwiki-lmo mw-list-item"><a href="https://lmo.wikipedia.org/wiki/Lazarus_Group" title="Lazarus Group – Lombard" lang="lmo" hreflang="lmo" data-title="Lazarus Group" data-language-autonym="Lombard" data-language-local-name="Lombard" class="interlanguage-link-target"><span>Lombard</span></a></li><li class="interlanguage-link interwiki-ml mw-list-item"><a href="https://ml.wikipedia.org/wiki/%E0%B4%B2%E0%B4%BE%E0%B4%B8%E0%B4%B1%E0%B4%B8%E0%B5%8D_%E0%B4%97%E0%B5%8D%E0%B4%B0%E0%B5%82%E0%B4%AA%E0%B5%8D%E0%B4%AA%E0%B5%8D" title="ലാസറസ് ഗ്രൂപ്പ് – Malayalam" lang="ml" hreflang="ml" data-title="ലാസറസ് ഗ്രൂപ്പ്" data-language-autonym="മലയാളം" data-language-local-name="Malayalam" class="interlanguage-link-target"><span>മലയാളം</span></a></li><li class="interlanguage-link interwiki-nl mw-list-item"><a href="https://nl.wikipedia.org/wiki/Lazarus_Group" title="Lazarus Group – Dutch" lang="nl" hreflang="nl" data-title="Lazarus Group" data-language-autonym="Nederlands" data-language-local-name="Dutch" class="interlanguage-link-target"><span>Nederlands</span></a></li><li class="interlanguage-link interwiki-ja mw-list-item"><a href="https://ja.wikipedia.org/wiki/%E3%83%A9%E3%82%B6%E3%83%AB%E3%82%B9%E3%82%B0%E3%83%AB%E3%83%BC%E3%83%97" title="ラザルスグループ – Japanese" lang="ja" hreflang="ja" data-title="ラザルスグループ" data-language-autonym="日本語" data-language-local-name="Japanese" class="interlanguage-link-target"><span>日本語</span></a></li><li class="interlanguage-link interwiki-uz mw-list-item"><a href="https://uz.wikipedia.org/wiki/Lazarus_Group" title="Lazarus Group – Uzbek" lang="uz" hreflang="uz" data-title="Lazarus Group" data-language-autonym="Oʻzbekcha / ўзбекча" data-language-local-name="Uzbek" class="interlanguage-link-target"><span>Oʻzbekcha / ўзбекча</span></a></li><li class="interlanguage-link interwiki-ru mw-list-item"><a 
href="https://ru.wikipedia.org/wiki/Lazarus_Group" title="Lazarus Group – Russian" lang="ru" hreflang="ru" data-title="Lazarus Group" data-language-autonym="Русский" data-language-local-name="Russian" class="interlanguage-link-target"><span>Русский</span></a></li><li class="interlanguage-link interwiki-uk mw-list-item"><a href="https://uk.wikipedia.org/wiki/Lazarus_Group" title="Lazarus Group – Ukrainian" lang="uk" hreflang="uk" data-title="Lazarus Group" data-language-autonym="Українська" data-language-local-name="Ukrainian" class="interlanguage-link-target"><span>Українська</span></a></li><li class="interlanguage-link interwiki-vi mw-list-item"><a href="https://vi.wikipedia.org/wiki/Nh%C3%B3m_tin_t%E1%BA%B7c_Lazarus" title="Nhóm tin tặc Lazarus – Vietnamese" lang="vi" hreflang="vi" data-title="Nhóm tin tặc Lazarus" data-language-autonym="Tiếng Việt" data-language-local-name="Vietnamese" class="interlanguage-link-target"><span>Tiếng Việt</span></a></li> </ul> <div class="after-portlet after-portlet-lang"><span class="wb-langlinks-edit wb-langlinks-link"><a href="https://www.wikidata.org/wiki/Special:EntityPage/Q19284445#sitelinks-wikipedia" title="Edit interlanguage links" class="wbc-editpage">Edit links</a></span></div> </div> </div> </div> </header> <div class="vector-page-toolbar"> <div class="vector-page-toolbar-container"> <div id="left-navigation"> <nav aria-label="Namespaces"> <div id="p-associated-pages" class="vector-menu vector-menu-tabs mw-portlet mw-portlet-associated-pages" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="ca-nstab-main" class="selected vector-tab-noicon mw-list-item"><a href="/wiki/Lazarus_Group" title="View the content page [c]" accesskey="c"><span>Article</span></a></li><li id="ca-talk" class="vector-tab-noicon mw-list-item"><a href="/wiki/Talk:Lazarus_Group" rel="discussion" title="Discuss improvements to the content page [t]" accesskey="t"><span>Talk</span></a></li> </ul> </div> </div> <div 
id="vector-variants-dropdown" class="vector-dropdown emptyPortlet" > <input type="checkbox" id="vector-variants-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-variants-dropdown" class="vector-dropdown-checkbox " aria-label="Change language variant" > <label id="vector-variants-dropdown-label" for="vector-variants-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet" aria-hidden="true" ><span class="vector-dropdown-label-text">English</span> </label> <div class="vector-dropdown-content"> <div id="p-variants" class="vector-menu mw-portlet mw-portlet-variants emptyPortlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> </ul> </div> </div> </div> </div> </nav> </div> <div id="right-navigation" class="vector-collapsible"> <nav aria-label="Views"> <div id="p-views" class="vector-menu vector-menu-tabs mw-portlet mw-portlet-views" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="ca-view" class="selected vector-tab-noicon mw-list-item"><a href="/wiki/Lazarus_Group"><span>Read</span></a></li><li id="ca-edit" class="vector-tab-noicon mw-list-item"><a href="/w/index.php?title=Lazarus_Group&action=edit" title="Edit this page [e]" accesskey="e"><span>Edit</span></a></li><li id="ca-history" class="vector-tab-noicon mw-list-item"><a href="/w/index.php?title=Lazarus_Group&action=history" title="Past revisions of this page [h]" accesskey="h"><span>View history</span></a></li> </ul> </div> </div> </nav> <nav class="vector-page-tools-landmark" aria-label="Page tools"> <div id="vector-page-tools-dropdown" class="vector-dropdown vector-page-tools-dropdown" > <input type="checkbox" id="vector-page-tools-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-page-tools-dropdown" class="vector-dropdown-checkbox " aria-label="Tools" > <label 
id="vector-page-tools-dropdown-label" for="vector-page-tools-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet" aria-hidden="true" ><span class="vector-dropdown-label-text">Tools</span> </label> <div class="vector-dropdown-content"> <div id="vector-page-tools-unpinned-container" class="vector-unpinned-container"> <div id="vector-page-tools" class="vector-page-tools vector-pinnable-element"> <div class="vector-pinnable-header vector-page-tools-pinnable-header vector-pinnable-header-unpinned" data-feature-name="page-tools-pinned" data-pinnable-element-id="vector-page-tools" data-pinned-container-id="vector-page-tools-pinned-container" data-unpinned-container-id="vector-page-tools-unpinned-container" > <div class="vector-pinnable-header-label">Tools</div> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-pin-button" data-event-name="pinnable-header.vector-page-tools.pin">move to sidebar</button> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-unpin-button" data-event-name="pinnable-header.vector-page-tools.unpin">hide</button> </div> <div id="p-cactions" class="vector-menu mw-portlet mw-portlet-cactions emptyPortlet vector-has-collapsible-items" title="More options" > <div class="vector-menu-heading"> Actions </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="ca-more-view" class="selected vector-more-collapsible-item mw-list-item"><a href="/wiki/Lazarus_Group"><span>Read</span></a></li><li id="ca-more-edit" class="vector-more-collapsible-item mw-list-item"><a href="/w/index.php?title=Lazarus_Group&action=edit" title="Edit this page [e]" accesskey="e"><span>Edit</span></a></li><li id="ca-more-history" class="vector-more-collapsible-item mw-list-item"><a href="/w/index.php?title=Lazarus_Group&action=history"><span>View history</span></a></li> </ul> </div> </div> <div id="p-tb" 
class="vector-menu mw-portlet mw-portlet-tb" > <div class="vector-menu-heading"> General </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="t-whatlinkshere" class="mw-list-item"><a href="/wiki/Special:WhatLinksHere/Lazarus_Group" title="List of all English Wikipedia pages containing links to this page [j]" accesskey="j"><span>What links here</span></a></li><li id="t-recentchangeslinked" class="mw-list-item"><a href="/wiki/Special:RecentChangesLinked/Lazarus_Group" rel="nofollow" title="Recent changes in pages linked from this page [k]" accesskey="k"><span>Related changes</span></a></li><li id="t-upload" class="mw-list-item"><a href="/wiki/Wikipedia:File_Upload_Wizard" title="Upload files [u]" accesskey="u"><span>Upload file</span></a></li><li id="t-specialpages" class="mw-list-item"><a href="/wiki/Special:SpecialPages" title="A list of all special pages [q]" accesskey="q"><span>Special pages</span></a></li><li id="t-permalink" class="mw-list-item"><a href="/w/index.php?title=Lazarus_Group&oldid=1256603281" title="Permanent link to this revision of this page"><span>Permanent link</span></a></li><li id="t-info" class="mw-list-item"><a href="/w/index.php?title=Lazarus_Group&action=info" title="More information about this page"><span>Page information</span></a></li><li id="t-cite" class="mw-list-item"><a href="/w/index.php?title=Special:CiteThisPage&page=Lazarus_Group&id=1256603281&wpFormIdentifier=titleform" title="Information on how to cite this page"><span>Cite this page</span></a></li><li id="t-urlshortener" class="mw-list-item"><a href="/w/index.php?title=Special:UrlShortener&url=https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FLazarus_Group"><span>Get shortened URL</span></a></li><li id="t-urlshortener-qrcode" class="mw-list-item"><a href="/w/index.php?title=Special:QrCode&url=https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FLazarus_Group"><span>Download QR code</span></a></li> </ul> </div> </div> <div id="p-coll-print_export" class="vector-menu 
mw-portlet mw-portlet-coll-print_export" > <div class="vector-menu-heading"> Print/export </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="coll-download-as-rl" class="mw-list-item"><a href="/w/index.php?title=Special:DownloadAsPdf&page=Lazarus_Group&action=show-download-screen" title="Download this page as a PDF file"><span>Download as PDF</span></a></li><li id="t-print" class="mw-list-item"><a href="/w/index.php?title=Lazarus_Group&printable=yes" title="Printable version of this page [p]" accesskey="p"><span>Printable version</span></a></li> </ul> </div> </div> <div id="p-wikibase-otherprojects" class="vector-menu mw-portlet mw-portlet-wikibase-otherprojects" > <div class="vector-menu-heading"> In other projects </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="t-wikibase" class="wb-otherproject-link wb-otherproject-wikibase-dataitem mw-list-item"><a href="https://www.wikidata.org/wiki/Special:EntityPage/Q19284445" title="Structured data on this page hosted by Wikidata [g]" accesskey="g"><span>Wikidata item</span></a></li> </ul> </div> </div> </div> </div> </div> </div> </nav> </div> </div> </div> <div class="vector-column-end"> <div class="vector-sticky-pinned-container"> <nav class="vector-page-tools-landmark" aria-label="Page tools"> <div id="vector-page-tools-pinned-container" class="vector-pinned-container"> </div> </nav> <nav class="vector-appearance-landmark" aria-label="Appearance"> <div id="vector-appearance-pinned-container" class="vector-pinned-container"> <div id="vector-appearance" class="vector-appearance vector-pinnable-element"> <div class="vector-pinnable-header vector-appearance-pinnable-header vector-pinnable-header-pinned" data-feature-name="appearance-pinned" data-pinnable-element-id="vector-appearance" data-pinned-container-id="vector-appearance-pinned-container" data-unpinned-container-id="vector-appearance-unpinned-container" > <div 
class="vector-pinnable-header-label">Appearance</div> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-pin-button" data-event-name="pinnable-header.vector-appearance.pin">move to sidebar</button> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-unpin-button" data-event-name="pinnable-header.vector-appearance.unpin">hide</button> </div> </div> </div> </nav> </div> </div> <div id="bodyContent" class="vector-body" aria-labelledby="firstHeading" data-mw-ve-target-container> <div class="vector-body-before-content"> <div class="mw-indicators"> </div> <div id="siteSub" class="noprint">From Wikipedia, the free encyclopedia</div> </div> <div id="contentSub"><div id="mw-content-subtitle"></div></div> <div id="mw-content-text" class="mw-body-content"><div class="mw-content-ltr mw-parser-output" lang="en" dir="ltr"><div class="shortdescription nomobile noexcerpt noprint searchaux" style="display:none">Cybercrime organization</div> <style data-mw-deduplicate="TemplateStyles:r1257001546">.mw-parser-output .infobox-subbox{padding:0;border:none;margin:-3px;width:auto;min-width:100%;font-size:100%;clear:none;float:none;background-color:transparent}.mw-parser-output .infobox-3cols-child{margin:auto}.mw-parser-output .infobox .navbar{font-size:100%}@media screen{html.skin-theme-clientpref-night .mw-parser-output .infobox-full-data:not(.notheme)>div:not(.notheme)[style]{background:#1f1f23!important;color:#f8f9fa}}@media screen and (prefers-color-scheme:dark){html.skin-theme-clientpref-os .mw-parser-output .infobox-full-data:not(.notheme) div:not(.notheme){background:#1f1f23!important;color:#f8f9fa}}@media(min-width:640px){body.skin--responsive .mw-parser-output .infobox-table{display:table!important}body.skin--responsive .mw-parser-output .infobox-table>caption{display:table-caption!important}body.skin--responsive .mw-parser-output .infobox-table>tbody{display:table-row-group}body.skin--responsive .mw-parser-output .infobox-table 
tr{display:table-row!important}body.skin--responsive .mw-parser-output .infobox-table th,body.skin--responsive .mw-parser-output .infobox-table td{padding-left:inherit;padding-right:inherit}}</style><table class="infobox vcard"><caption class="infobox-title fn org">Lazarus Group</caption><tbody><tr><td colspan="2" class="infobox-subheader"><div class="nickname" lang="ko">라자루스 조직</div></td></tr><tr><th scope="row" class="infobox-label" style="padding-right:0.6em;">Formation</th><td class="infobox-data note"><abbr title="circa">c.</abbr> 2009<sup class="plainlinks nourlexpansion citation" id="ref_a"><a class="external autonumber" href="https://en.wikipedia.org/wiki/Lazarus_Group#endnote_a">[1]</a></sup></td></tr><tr><th scope="row" class="infobox-label" style="padding-right:0.6em;">Type</th><td class="infobox-data"><a href="/wiki/Advanced_persistent_threat" title="Advanced persistent threat">Advanced persistent threat</a></td></tr><tr><th scope="row" class="infobox-label" style="padding-right:0.6em;">Purpose</th><td class="infobox-data"><a href="/wiki/Cyberespionage" class="mw-redirect" title="Cyberespionage">Cyberespionage</a>, <a href="/wiki/Cyberwarfare" title="Cyberwarfare">cyberwarfare</a></td></tr><tr><th scope="row" class="infobox-label" style="padding-right:0.6em;"><div style="display: inline-block; line-height: 1.2em; padding: .1em 0;">Region </div></th><td class="infobox-data"><a href="/wiki/Potonggang_District" class="mw-redirect" title="Potonggang District">Potonggang District</a>, <a href="/wiki/Pyongyang" title="Pyongyang">Pyongyang</a>, <a href="/wiki/North_Korea" title="North Korea">North Korea</a></td></tr><tr><th scope="row" class="infobox-label" style="padding-right:0.6em;">Methods</th><td class="infobox-data"><a href="/wiki/Zero-day_(computing)" class="mw-redirect" title="Zero-day (computing)">Zero-days</a>, <a href="/wiki/Spearphishing" class="mw-redirect" title="Spearphishing">spearphishing</a>, <a href="/wiki/Malware" 
title="Malware">malware</a>, <a href="/wiki/Disinformation" title="Disinformation">disinformation</a>, <a href="/wiki/Backdoor_(computing)" title="Backdoor (computing)">backdoors</a>, <a href="/wiki/Dropper_(malware)" title="Dropper (malware)">droppers</a></td></tr><tr><th scope="row" class="infobox-label" style="padding-right:0.6em;"><div style="display: inline-block; line-height: 1.2em; padding: .1em 0;">Official language </div></th><td class="infobox-data"><a href="/wiki/Korean_language" title="Korean language">Korean</a></td></tr><tr><th scope="row" class="infobox-label" style="padding-right:0.6em;"><div style="display: inline-block; line-height: 1.2em; padding: .1em 0;">Parent organization</div></th><td class="infobox-data"><a href="/wiki/Reconnaissance_General_Bureau" title="Reconnaissance General Bureau">Reconnaissance General Bureau</a><br /><a href="/wiki/Korea_Computer_Center" title="Korea Computer Center">Korea Computer Center</a><br />Nonserviam Cyber Warfare Command</td></tr><tr><th scope="row" class="infobox-label" style="padding-right:0.6em;">Affiliations</th><td class="infobox-data"><a href="/wiki/Bureau_121" title="Bureau 121">Bureau 121</a>, <a href="/wiki/Unit_180" title="Unit 180">Unit 180</a>, AndAriel</td></tr><tr><th scope="row" class="infobox-label" style="padding-right:0.6em;"><div style="display: inline-block; line-height: 1.2em; padding: .1em 0;">Formerly called</div></th><td class="infobox-data nickname">APT38<br />Gods Apostles<br />Gods Disciples<br />Guardians of Peace<br />ZINC<br />Whois Team<br />Hidden Cobra<br /></td></tr></tbody></table> <p>The <b>Lazarus Group</b> (also known as <b>Guardians of Peace</b> or <b>Whois Team</b><sup id="cite_ref-Treasury2019_1-0" class="reference"><a href="#cite_note-Treasury2019-1"><span class="cite-bracket">[</span>1<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-2" class="reference"><a href="#cite_note-2"><span class="cite-bracket">[</span>2<span 
class="cite-bracket">]</span></a></sup><sup id="cite_ref-3" class="reference"><a href="#cite_note-3"><span class="cite-bracket">[</span>3<span class="cite-bracket">]</span></a></sup>) is a <a href="/wiki/Hacker" title="Hacker">hacker</a> group made up of an unknown number of individuals, alleged to be run by the government of <a href="/wiki/North_Korea" title="North Korea">North Korea</a>. While not much is known about the Lazarus Group, researchers have attributed many <a href="/wiki/Cyberattacks" class="mw-redirect" title="Cyberattacks">cyberattacks</a> to them since 2010. Originally a criminal group, the group has now been designated as an <a href="/wiki/Advanced_persistent_threat" title="Advanced persistent threat">advanced persistent threat</a> due to its intended nature, the threat it poses, and the wide array of methods it uses when conducting an operation. Names given by cybersecurity organizations include <b>Hidden Cobra</b> (used by the <a href="/wiki/United_States_Department_of_Homeland_Security" title="United States Department of Homeland Security">United States Department of Homeland Security</a> to refer to malicious cyber activity by the North Korean government in general)<sup id="cite_ref-CERT2017_4-0" class="reference"><a href="#cite_note-CERT2017-4"><span class="cite-bracket">[</span>4<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-MITRE_5-0" class="reference"><a href="#cite_note-MITRE-5"><span class="cite-bracket">[</span>5<span class="cite-bracket">]</span></a></sup> and <b>ZINC</b> or <b>Diamond Sleet</b><sup id="cite_ref-ms-threat-actors-24_6-0" class="reference"><a href="#cite_note-ms-threat-actors-24-6"><span class="cite-bracket">[</span>6<span class="cite-bracket">]</span></a></sup> (by <a href="/wiki/Microsoft" title="Microsoft">Microsoft</a>).<sup id="cite_ref-7" class="reference"><a href="#cite_note-7"><span class="cite-bracket">[</span>7<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-8" class="reference"><a 
href="#cite_note-8"><span class="cite-bracket">[</span>8<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-recorded_9-0" class="reference"><a href="#cite_note-recorded-9"><span class="cite-bracket">[</span>9<span class="cite-bracket">]</span></a></sup> According to North Korean defector <a href="/wiki/Kim_Kuk-song" title="Kim Kuk-song">Kim Kuk-song</a>, the unit is internally known in North Korea as 414 Liaison Office.<sup id="cite_ref-:6_10-0" class="reference"><a href="#cite_note-:6-10"><span class="cite-bracket">[</span>10<span class="cite-bracket">]</span></a></sup> </p><p>The Lazarus Group has strong links to <a href="/wiki/North_Korea" title="North Korea">North Korea</a>.<sup id="cite_ref-11" class="reference"><a href="#cite_note-11"><span class="cite-bracket">[</span>11<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-12" class="reference"><a href="#cite_note-12"><span class="cite-bracket">[</span>12<span class="cite-bracket">]</span></a></sup> The <a href="/wiki/United_States_Department_of_Justice" title="United States Department of Justice">United States Department of Justice</a> has claimed the group is part of the North Korean government's strategy to "undermine global cybersecurity ... and generate illicit revenue in violation of ... 
sanctions".<sup id="cite_ref-:11_13-0" class="reference"><a href="#cite_note-:11-13"><span class="cite-bracket">[</span>13<span class="cite-bracket">]</span></a></sup> North Korea benefits from conducting cyber operations because it can present an <a href="/wiki/Asymmetric_warfare" title="Asymmetric warfare">asymmetric threat</a> with a small group of operators, especially to South Korea.<sup id="cite_ref-14" class="reference"><a href="#cite_note-14"><span class="cite-bracket">[</span>14<span class="cite-bracket">]</span></a></sup> </p> <meta property="mw:PageProp/toc" /> <div class="mw-heading mw-heading2"><h2 id="History">History</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Lazarus_Group&action=edit&section=1" title="Edit section: History"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>The earliest known attack that the group is responsible for is known as "Operation Troy", which took place from 2009 to 2012. This was a cyber-espionage campaign that utilized unsophisticated <a href="/wiki/Distributed_denial-of-service_attack" class="mw-redirect" title="Distributed denial-of-service attack">distributed denial-of-service attack</a> (DDoS) techniques to target the South Korean government in Seoul. They were also responsible for attacks in 2011 and 2013. It is possible that they were also behind a 2007 attack targeting South Korea, but that is still uncertain.<sup id="cite_ref-15" class="reference"><a href="#cite_note-15"><span class="cite-bracket">[</span>15<span class="cite-bracket">]</span></a></sup> A notable attack that the group is known for is the <a href="/wiki/Sony_Pictures_Entertainment_hack" class="mw-redirect" title="Sony Pictures Entertainment hack">2014 attack on Sony Pictures</a>. The Sony attack used more sophisticated techniques and highlighted how advanced the group has become over time. 
</p> <figure class="mw-default-size" typeof="mw:File/Thumb"><a href="/wiki/File:Cartel_de_la_orden_de_captura_de_Park_Jin_Hyok.png" class="mw-file-description"><img src="//upload.wikimedia.org/wikipedia/commons/thumb/d/de/Cartel_de_la_orden_de_captura_de_Park_Jin_Hyok.png/220px-Cartel_de_la_orden_de_captura_de_Park_Jin_Hyok.png" decoding="async" width="220" height="260" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/commons/thumb/d/de/Cartel_de_la_orden_de_captura_de_Park_Jin_Hyok.png/330px-Cartel_de_la_orden_de_captura_de_Park_Jin_Hyok.png 1.5x, //upload.wikimedia.org/wikipedia/commons/thumb/d/de/Cartel_de_la_orden_de_captura_de_Park_Jin_Hyok.png/440px-Cartel_de_la_orden_de_captura_de_Park_Jin_Hyok.png 2x" data-file-width="813" data-file-height="962" /></a><figcaption><a href="/wiki/FBI" class="mw-redirect" title="FBI">FBI</a> wanted notice for one of the hackers of the Lazarus Group, <a href="/wiki/Park_Jin_Hyok" title="Park Jin Hyok">Park Jin Hyok</a></figcaption></figure> <p>The Lazarus Group were reported to have stolen US$12 million from the Banco del Austro in Ecuador and US$1 million from Vietnam's <a href="/wiki/Tien_Phong_Bank" title="Tien Phong Bank">Tien Phong Bank</a> in 2015.<sup id="cite_ref-16" class="reference"><a href="#cite_note-16"><span class="cite-bracket">[</span>16<span class="cite-bracket">]</span></a></sup> They have also targeted banks in Poland and Mexico.<sup id="cite_ref-:1_17-0" class="reference"><a href="#cite_note-:1-17"><span class="cite-bracket">[</span>17<span class="cite-bracket">]</span></a></sup> The <a href="/wiki/Bangladesh_Bank_heist" class="mw-redirect" title="Bangladesh Bank heist">2016 bank heist</a><sup id="cite_ref-:0_18-0" class="reference"><a href="#cite_note-:0-18"><span class="cite-bracket">[</span>18<span class="cite-bracket">]</span></a></sup> included an attack on the <a href="/wiki/Bangladesh_Bank" title="Bangladesh Bank">Bangladesh Bank</a> that successfully stole US$81 million, and it was 
attributed to the group. In 2017, the Lazarus Group was reported to have stolen US$60 million from the Far Eastern International Bank of Taiwan, although the actual amount stolen was unclear and most of the funds were recovered.<sup id="cite_ref-:1_17-1" class="reference"><a href="#cite_note-:1-17"><span class="cite-bracket">[</span>17<span class="cite-bracket">]</span></a></sup> </p><p>It is not clear who is really behind the group, but media reports have suggested the group has links to <a href="/wiki/North_Korea" title="North Korea">North Korea</a>.<sup id="cite_ref-19" class="reference"><a href="#cite_note-19"><span class="cite-bracket">[</span>19<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-20" class="reference"><a href="#cite_note-20"><span class="cite-bracket">[</span>20<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-:1_17-2" class="reference"><a href="#cite_note-:1-17"><span class="cite-bracket">[</span>17<span class="cite-bracket">]</span></a></sup> <a href="/wiki/Kaspersky_Lab" title="Kaspersky Lab">Kaspersky Lab</a> reported in 2017 that Lazarus tended to concentrate on spying and infiltration cyberattacks whereas a sub-group within their organisation, which Kaspersky called Bluenoroff, specialised in financial cyberattacks. Kaspersky found multiple attacks worldwide and a direct link (<a href="/wiki/IP_address" title="IP address">IP address</a>) between Bluenoroff and North Korea.<sup id="cite_ref-21" class="reference"><a href="#cite_note-21"><span class="cite-bracket">[</span>21<span class="cite-bracket">]</span></a></sup> </p><p>However, Kaspersky also acknowledged that the repetition of the code could be a “false flag” meant to mislead investigators and pin the attack on North Korea, given that the worldwide <a href="/wiki/WannaCry" class="mw-redirect" title="WannaCry">WannaCry</a> worm cyber attack copied techniques from the NSA as well. 
This ransomware leverages an NSA exploit known as <a href="/wiki/EternalBlue" title="EternalBlue">EternalBlue</a> that a hacker group known as <a href="/wiki/Shadow_Brokers" class="mw-redirect" title="Shadow Brokers">Shadow Brokers</a> made public in April 2017. <sup id="cite_ref-22" class="reference"><a href="#cite_note-22"><span class="cite-bracket">[</span>22<span class="cite-bracket">]</span></a></sup> <a href="/wiki/NortonLifeLock" class="mw-redirect" title="NortonLifeLock">Symantec</a> reported in 2017 that it was "highly likely" that Lazarus was behind the WannaCry attack.<sup id="cite_ref-23" class="reference"><a href="#cite_note-23"><span class="cite-bracket">[</span>23<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading3"><h3 id="2009_Operation_Troy">2009 Operation Troy</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Lazarus_Group&action=edit&section=2" title="Edit section: 2009 Operation Troy"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <style data-mw-deduplicate="TemplateStyles:r1236090951">.mw-parser-output .hatnote{font-style:italic}.mw-parser-output div.hatnote{padding-left:1.6em;margin-bottom:0.5em}.mw-parser-output .hatnote i{font-style:normal}.mw-parser-output .hatnote+link+.hatnote{margin-top:-0.5em}@media print{body.ns-0 .mw-parser-output .hatnote{display:none!important}}</style><div role="note" class="hatnote navigation-not-searchable">Main article: <a href="/wiki/July_2009_cyberattacks" class="mw-redirect" title="July 2009 cyberattacks">July 2009 cyberattacks</a></div> <p>The Lazarus Group's first major hacking incident took place on July 4, 2009, and sparked the beginning of "Operation Troy". This attack utilized the <a href="/wiki/Mydoom" title="Mydoom">Mydoom</a> and Dozer malware to launch a large-scale, but quite unsophisticated, DDoS attack against US and South Korean websites. 
The volley of attacks struck about three dozen websites and placed the text "Memory of Independence Day" in the <a href="/wiki/Master_boot_record" title="Master boot record">master boot record</a> (MBR). </p> <div class="mw-heading mw-heading3"><h3 id="2013_South_Korea_Cyberattack_(Operation_1Mission/_DarkSeoul)"><span id="2013_South_Korea_Cyberattack_.28Operation_1Mission.2F_DarkSeoul.29"></span>2013 South Korea Cyberattack (Operation 1Mission/ DarkSeoul)</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Lazarus_Group&action=edit&section=3" title="Edit section: 2013 South Korea Cyberattack (Operation 1Mission/ DarkSeoul)"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1236090951"><div role="note" class="hatnote navigation-not-searchable">Main article: <a href="/wiki/2013_South_Korea_cyberattack" title="2013 South Korea cyberattack">2013 South Korea cyberattack</a></div> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1236090951"><div role="note" class="hatnote navigation-not-searchable">See also: <a href="/wiki/DarkSeoul_(wiper)" class="mw-redirect" title="DarkSeoul (wiper)">DarkSeoul (wiper)</a></div> <p>Over time, attacks from this group have grown more sophisticated; their techniques and tools have become better developed and more effective. The March 2011 attack known as "Ten Days of Rain" targeted South Korean media, financial, and critical infrastructure, and consisted of more sophisticated DDoS attacks that originated from compromised computers within South Korea. The attacks continued on March 20, 2013, with DarkSeoul, a wiper attack that targeted three South Korean broadcast companies, financial institutes, and an ISP. 
At the time, two other groups, going by the personas "NewRomanic Cyber Army Team" and "WhoIs Team", took credit for that attack, and researchers did not yet know that the Lazarus Group was behind it. Researchers today know the Lazarus Group as a supergroup behind the disruptive attacks.<sup id="cite_ref-24" class="reference"><a href="#cite_note-24"><span class="cite-bracket">[</span>24<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading3"><h3 id="Late_2014:_Sony_breach">Late 2014: Sony breach</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Lazarus_Group&action=edit&section=4" title="Edit section: Late 2014: Sony breach"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1236090951"><div role="note" class="hatnote navigation-not-searchable">Main article: <a href="/wiki/Sony_Pictures_hack" class="mw-redirect" title="Sony Pictures hack">Sony Pictures hack</a></div> <p>The Lazarus Group attacks culminated on November 24, 2014. On that day, a Reddit post appeared stating that <a href="/wiki/Sony_Pictures_Entertainment" class="mw-redirect" title="Sony Pictures Entertainment">Sony Pictures</a> <a href="/wiki/Sony_Pictures_Entertainment_hack" class="mw-redirect" title="Sony Pictures Entertainment hack">had been hacked</a> via unknown means; the perpetrators identified themselves as the "Guardians of Peace". Large amounts of data were stolen and slowly leaked in the days following the attack. 
An interview with someone claiming to be part of the group stated that they had been siphoning Sony's data for over a year.<sup id="cite_ref-25" class="reference"><a href="#cite_note-25"><span class="cite-bracket">[</span>25<span class="cite-bracket">]</span></a></sup> </p><p>The hackers were able to access previously unreleased films, scripts for certain films, plans for future films, information about executive salaries at the company, emails, and the personal information of around 4,000 employees.<sup id="cite_ref-26" class="reference"><a href="#cite_note-26"><span class="cite-bracket">[</span>26<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading3"><h3 id="Early_2016_Investigation:_Operation_Blockbuster">Early 2016 Investigation: Operation Blockbuster</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Lazarus_Group&action=edit&section=5" title="Edit section: Early 2016 Investigation: Operation Blockbuster"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>Under the name "Operation Blockbuster", a coalition of security companies, led by Novetta,<sup id="cite_ref-27" class="reference"><a href="#cite_note-27"><span class="cite-bracket">[</span>27<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-28" class="reference"><a href="#cite_note-28"><span class="cite-bracket">[</span>28<span class="cite-bracket">]</span></a></sup> was able to analyse malware samples found in different cyber-security incidents. Using that data, the team was able to analyse the methods used by the hackers. 
They linked the Lazarus Group to a number of attacks through a pattern of code re-usage.<sup id="cite_ref-29" class="reference"><a href="#cite_note-29"><span class="cite-bracket">[</span>29<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading3"><h3 id="2016_Bangladesh_Bank_cyber_heist">2016 Bangladesh Bank cyber heist</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Lazarus_Group&action=edit&section=6" title="Edit section: 2016 Bangladesh Bank cyber heist"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1236090951"><div role="note" class="hatnote navigation-not-searchable">Main article: <a href="/wiki/Bangladesh_Bank_robbery" title="Bangladesh Bank robbery">Bangladesh Bank robbery</a></div> <p>The Bangladesh Bank cyber heist was a theft that took place in February 2016. Thirty-five fraudulent instructions were issued by security hackers via the SWIFT network to illegally transfer close to US$1 billion from the Federal Reserve Bank of New York account belonging to Bangladesh Bank, the central bank of Bangladesh. Five of the thirty-five fraudulent instructions were successful in transferring US$101 million, with US$20 million traced to Sri Lanka and US$81 million to the Philippines. 
The Federal Reserve Bank of New York blocked the remaining thirty transactions, amounting to US$850 million, due to suspicions raised by a misspelled instruction.<sup id="cite_ref-30" class="reference"><a href="#cite_note-30"><span class="cite-bracket">[</span>30<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-31" class="reference"><a href="#cite_note-31"><span class="cite-bracket">[</span>31<span class="cite-bracket">]</span></a></sup> Cybersecurity experts claimed that the North Korea–based Lazarus Group was behind the attack.<sup id="cite_ref-32" class="reference"><a href="#cite_note-32"><span class="cite-bracket">[</span>32<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-33" class="reference"><a href="#cite_note-33"><span class="cite-bracket">[</span>33<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading3"><h3 id="May_2017_WannaCry_ransomware_attack">May 2017 WannaCry ransomware attack</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Lazarus_Group&action=edit&section=7" title="Edit section: May 2017 WannaCry ransomware attack"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1236090951"><div role="note" class="hatnote navigation-not-searchable">Main article: <a href="/wiki/WannaCry_ransomware_attack" title="WannaCry ransomware attack">WannaCry ransomware attack</a></div> <p>The <a href="/wiki/WannaCry_ransomware_attack" title="WannaCry ransomware attack">WannaCry attack</a> was a massive ransomware cyberattack that hit institutions across the globe ranging all the way from the NHS in Britain, to Boeing, and even to Universities in China on the 12th of May, 2017. The attack lasted 7 hours and 19 minutes. 
<a href="/wiki/Europol" title="Europol">Europol</a> estimates it affected nearly 200,000 computers in 150 countries, primarily affecting Russia, India, Ukraine, and Taiwan. This was one of the first attacks of a <b>cryptoworm</b>. Cryptoworms are a class of malware that travels between computers using networks, without requiring direct user action for infection — in this case, exploiting a vulnerability in the Windows SMB file-sharing service, which is reached over <a href="/wiki/EternalBlue" title="EternalBlue">TCP port 445</a>.<sup id="cite_ref-34" class="reference"><a href="#cite_note-34"><span class="cite-bracket">[</span>34<span class="cite-bracket">]</span></a></sup> To be infected, there is no need to click on a bad link - the malware can spread autonomously, from a computer to a connected printer, and then beyond to adjacent computers, perhaps connected to the wifi, etc. Because the vulnerable service was reachable on port 445 inside most networks, the malware could move freely across intranets and infect thousands of computers rapidly. The WannaCry attack was one of the first large scale uses of a cryptoworm.<sup id="cite_ref-35" class="reference"><a href="#cite_note-35"><span class="cite-bracket">[</span>35<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-:7_36-0" class="reference"><a href="#cite_note-:7-36"><span class="cite-bracket">[</span>36<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading4"><h4 id="Attack">Attack</h4><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Lazarus_Group&action=edit&section=8" title="Edit section: Attack"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>The virus exploited a vulnerability in the Windows operating system, then encrypted the computer's data in return for a sum of Bitcoin worth roughly $300 to get the key. In order to encourage payment, the ransom demand doubled after three days, and if not paid in a week, the malware deletes the encrypted data files. 
The malware used a legitimate piece of software called Windows Crypto, made by Microsoft to scramble the files. Once the encryption is completed, the filename has "Wincry" appended, which is the root of the Wannacry name. Wincry was the base of the encryption, but two additional exploits, <i>EternalBlue</i> and <i>DoublePulsar</i>, were used by the malware to make it a cryptoworm. <i><a href="/wiki/EternalBlue" title="EternalBlue">EternalBlue</a></i> automatically spreads the virus through networks, while <i><a href="/wiki/DoublePulsar" title="DoublePulsar">DoublePulsar</a></i> triggered it to activate on a victim's computer. In other words, <i>EternalBlue</i> got the infected link to your computer, and <i>DoublePulsar</i> clicked it for you.<sup id="cite_ref-:7_36-1" class="reference"><a href="#cite_note-:7-36"><span class="cite-bracket">[</span>36<span class="cite-bracket">]</span></a></sup> </p><p>Security researcher <a href="/wiki/Marcus_Hutchins" title="Marcus Hutchins">Marcus Hutchins</a> brought the attack to an end when he received a copy of the virus from a friend at a security research company and discovered a <a href="/wiki/Kill_switch" title="Kill switch">kill switch</a> hardcoded into the virus. The malware included a periodic check to see if a specific <a href="/wiki/Domain_name" title="Domain name">domain name</a> was registered, and would only proceed with encryption if that domain name did not exist. Hutchins identified this check, then promptly registered the relevant domain at 3:03 pm UTC. The malware immediately stopped propagating itself and infecting new machines. This was very interesting, and is a clue as to who created the virus. Usually stopping malware takes months of back and forth fighting between the hackers and security experts, so this easy win was unexpected. 
Another very interesting and unusual aspect of the attack was that the files were not recoverable after paying the ransom: only $160,000 was collected, leading many to believe that the hackers weren't after the money.<sup id="cite_ref-:7_36-2" class="reference"><a href="#cite_note-:7-36"><span class="cite-bracket">[</span>36<span class="cite-bracket">]</span></a></sup> </p><p>The easy kill switch and lack of revenue led many to believe that the attack was state-sponsored; the motive was not financial compensation, but just to cause chaos. After the attack, security experts traced the <i>DoublePulsar</i> exploit back to the <a href="/wiki/National_Security_Agency" title="National Security Agency">United States NSA</a> where the exploit had been developed as a <a href="/wiki/Cyberweapon" title="Cyberweapon">cyberweapon</a>. The exploit was then stolen by the Shadow Brokers hacker group, who first tried to auction it off, but after failing to do that simply gave it away for free.<sup id="cite_ref-:7_36-3" class="reference"><a href="#cite_note-:7-36"><span class="cite-bracket">[</span>36<span class="cite-bracket">]</span></a></sup> The NSA subsequently revealed the vulnerability to Microsoft, which issued an update on March 14, 2017, a little under two months before the attack occurred. It wasn't enough. The update wasn't mandatory and the majority of computers with the vulnerability had not resolved the issue by the time May 12 rolled around, leading to the astonishing effectiveness of the attack. 
</p> <div class="mw-heading mw-heading4"><h4 id="Aftermath">Aftermath</h4><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Lazarus_Group&action=edit&section=9" title="Edit section: Aftermath"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>The <a href="/wiki/United_States_Department_of_Justice" title="United States Department of Justice">US Department of Justice</a> and British authorities later attributed the WannaCry attack to the North Korean hacking gang, the Lazarus group.<sup id="cite_ref-:11_13-1" class="reference"><a href="#cite_note-:11-13"><span class="cite-bracket">[</span>13<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading3"><h3 id="2017_cryptocurrency_attacks">2017 cryptocurrency attacks</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Lazarus_Group&action=edit&section=10" title="Edit section: 2017 cryptocurrency attacks"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>In 2018, <a href="/wiki/Recorded_Future" title="Recorded Future">Recorded Future</a> issued a report linking the Lazarus Group to attacks on users of the cryptocurrencies <a href="/wiki/Bitcoin" title="Bitcoin">Bitcoin</a> and <a href="/wiki/Monero_(cryptocurrency)" class="mw-redirect" title="Monero (cryptocurrency)">Monero</a>, mostly in South Korea.<sup id="cite_ref-:2_37-0" class="reference"><a href="#cite_note-:2-37"><span class="cite-bracket">[</span>37<span class="cite-bracket">]</span></a></sup> These attacks were reported to be technically similar to previous attacks using the WannaCry ransomware and the attacks on Sony Pictures.<sup id="cite_ref-:3_38-0" class="reference"><a href="#cite_note-:3-38"><span class="cite-bracket">[</span>38<span class="cite-bracket">]</span></a></sup> One of the tactics used by Lazarus hackers was to exploit vulnerabilities in <a href="/wiki/Hancom" 
title="Hancom">Hancom</a>'s <a href="/wiki/Hangul_(word_processor)" title="Hangul (word processor)">Hangul</a>, a South Korean word processing software.<sup id="cite_ref-:3_38-1" class="reference"><a href="#cite_note-:3-38"><span class="cite-bracket">[</span>38<span class="cite-bracket">]</span></a></sup> Another tactic was to use <a href="/wiki/Phishing#CITEREFrajput2023" title="Phishing">spear-phishing</a> lures containing malware, which were sent to South Korean students and users of cryptocurrency exchanges like Coinlink. If the user opened the malware, it stole email addresses and passwords.<sup id="cite_ref-:4_39-0" class="reference"><a href="#cite_note-:4-39"><span class="cite-bracket">[</span>39<span class="cite-bracket">]</span></a></sup> Coinlink denied that its site or its users' emails and passwords had been hacked.<sup id="cite_ref-:4_39-1" class="reference"><a href="#cite_note-:4-39"><span class="cite-bracket">[</span>39<span class="cite-bracket">]</span></a></sup> The report concluded that “This late-2017 campaign is a continuation of North Korea’s interest in cryptocurrency, which we now know encompasses a broad range of activities including mining, ransomware, and outright theft...” <sup id="cite_ref-:2_37-1" class="reference"><a href="#cite_note-:2-37"><span class="cite-bracket">[</span>37<span class="cite-bracket">]</span></a></sup> The report also said that North Korea was using these cryptocurrency attacks to avoid international financial sanctions.<sup id="cite_ref-40" class="reference"><a href="#cite_note-40"><span class="cite-bracket">[</span>40<span class="cite-bracket">]</span></a></sup> </p><p>North Korean hackers stole US$7 million from <a href="/wiki/Bithumb" title="Bithumb">Bithumb</a>, a South Korean exchange, in February 2017.<sup id="cite_ref-41" class="reference"><a href="#cite_note-41"><span class="cite-bracket">[</span>41<span class="cite-bracket">]</span></a></sup> Youbit, another South Korean Bitcoin exchange company, filed for 
bankruptcy in December 2017 after 17% of its assets were stolen by cyberattacks following an earlier attack in April 2017.<sup id="cite_ref-42" class="reference"><a href="#cite_note-42"><span class="cite-bracket">[</span>42<span class="cite-bracket">]</span></a></sup> Lazarus and North Korean hackers were blamed for the attacks.<sup id="cite_ref-43" class="reference"><a href="#cite_note-43"><span class="cite-bracket">[</span>43<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-:2_37-2" class="reference"><a href="#cite_note-:2-37"><span class="cite-bracket">[</span>37<span class="cite-bracket">]</span></a></sup> <a href="/wiki/NiceHash" title="NiceHash">Nicehash</a>, a cryptocurrency cloud mining marketplace lost over 4,500 Bitcoin in December 2017. An update about the investigations claimed that the attack is linked to the Lazarus Group.<sup id="cite_ref-44" class="reference"><a href="#cite_note-44"><span class="cite-bracket">[</span>44<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading3"><h3 id="September_2019_attacks">September 2019 attacks</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Lazarus_Group&action=edit&section=11" title="Edit section: September 2019 attacks"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>In mid-September 2019, the USA issued a public alert about a new version of malware dubbed ElectricFish.<sup id="cite_ref-:5_45-0" class="reference"><a href="#cite_note-:5-45"><span class="cite-bracket">[</span>45<span class="cite-bracket">]</span></a></sup> Since the beginning of 2019, North Korean agents have attempted five major cyber-thefts world-wide, including a successful $49 million theft from an institution in <a href="/wiki/Kuwait" title="Kuwait">Kuwait</a>.<sup id="cite_ref-:5_45-1" class="reference"><a href="#cite_note-:5-45"><span class="cite-bracket">[</span>45<span 
class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading3"><h3 id="Late_2020_pharmaceutical_company_attacks">Late 2020 pharmaceutical company attacks</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Lazarus_Group&action=edit&section=12" title="Edit section: Late 2020 pharmaceutical company attacks"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>Due to the ongoing <a href="/wiki/COVID-19_pandemic" title="COVID-19 pandemic">COVID-19 pandemic</a>, pharmaceutical companies became major targets for the Lazarus Group. Using spear-phishing techniques, Lazarus Group members posed as health officials and contacted pharmaceutical company employees with malicious links. It is thought that multiple major pharma organizations were targeted, but the only one that has been confirmed was the Anglo-Swedish-owned <a href="/wiki/AstraZeneca" title="AstraZeneca">AstraZeneca</a>. According to a report by Reuters,<sup id="cite_ref-46" class="reference"><a href="#cite_note-46"><span class="cite-bracket">[</span>46<span class="cite-bracket">]</span></a></sup> a wide range of employees were targeted, including many involved in COVID-19 vaccine research. It is unknown what the Lazarus Group's goal was in these attacks, but the likely possibilities include: </p> <ul><li>Stealing sensitive information to be sold for profit.</li> <li>Extortion schemes.</li> <li>Giving foreign regimes access to proprietary COVID-19 research.</li></ul> <p>AstraZeneca has not commented on the incident and experts do not believe any sensitive data has been compromised as of yet.<sup class="noprint Inline-Template" style="white-space:nowrap;">[<i><a href="/wiki/Wikipedia:Manual_of_Style/Dates_and_numbers#Chronological_items" title="Wikipedia:Manual of Style/Dates and numbers"><span title="The time period mentioned near this tag is ambiguous. 
(August 2021)">as of?</span></a></i>]</sup> </p> <div class="mw-heading mw-heading3"><h3 id="January_2021_attacks_targeting_cybersecurity_researchers">January 2021 attacks targeting cybersecurity researchers</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Lazarus_Group&action=edit&section=13" title="Edit section: January 2021 attacks targeting cybersecurity researchers"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>In January 2021, <a href="/wiki/Google" title="Google">Google</a> and <a href="/wiki/Microsoft" title="Microsoft">Microsoft</a> both publicly reported on a group of North Korean hackers targeting cybersecurity researchers via a <a href="/wiki/Social_engineering_(security)" title="Social engineering (security)">social engineering</a> campaign, with Microsoft specifically attributing the campaign to the Lazarus Group.<sup id="cite_ref-:8_47-0" class="reference"><a href="#cite_note-:8-47"><span class="cite-bracket">[</span>47<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-:9_48-0" class="reference"><a href="#cite_note-:9-48"><span class="cite-bracket">[</span>48<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-:10_49-0" class="reference"><a href="#cite_note-:10-49"><span class="cite-bracket">[</span>49<span class="cite-bracket">]</span></a></sup> </p><p>The hackers created multiple user profiles on <a href="/wiki/Twitter" title="Twitter">Twitter</a>, <a href="/wiki/GitHub" title="GitHub">GitHub</a>, and <a href="/wiki/LinkedIn" title="LinkedIn">LinkedIn</a> posing as legitimate <a href="/wiki/Vulnerability_(computing)" class="mw-redirect" title="Vulnerability (computing)">software vulnerability</a> researchers, and used those profiles to interact with posts and content made by others in the security research community. 
The hackers would then target specific security researchers by contacting them directly with an offer to collaborate on research, with the goal of getting the victim to download a file containing malware, or to visit a blog post on a website controlled by the hackers.<sup id="cite_ref-:10_49-1" class="reference"><a href="#cite_note-:10-49"><span class="cite-bracket">[</span>49<span class="cite-bracket">]</span></a></sup> </p><p>Some victims who visited the blog post reported that their computers were compromised despite using fully <a href="/wiki/Patch_(computing)" title="Patch (computing)">patched</a> versions of the <a href="/wiki/Google_Chrome" title="Google Chrome">Google Chrome</a> browser, suggesting that the hackers may have used a previously unknown <a href="/wiki/Zero-day_(computing)" class="mw-redirect" title="Zero-day (computing)">zero-day vulnerability</a> affecting Chrome for the attack;<sup id="cite_ref-:8_47-1" class="reference"><a href="#cite_note-:8-47"><span class="cite-bracket">[</span>47<span class="cite-bracket">]</span></a></sup> however, Google stated that they were unable to confirm the exact method of compromise at the time of the report.<sup id="cite_ref-:9_48-1" class="reference"><a href="#cite_note-:9-48"><span class="cite-bracket">[</span>48<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading3"><h3 id="March_2022_online_game_Axie_Infinity_attack">March 2022 online game Axie Infinity attack</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Lazarus_Group&action=edit&section=14" title="Edit section: March 2022 online game Axie Infinity attack"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>In March 2022, the Lazarus Group was found responsible for stealing $620 million worth of cryptocurrencies from the Ronin Network, a bridge used by the <a href="/wiki/Axie_Infinity" title="Axie Infinity">Axie Infinity</a> game.<sup 
id="cite_ref-:12_50-0" class="reference"><a href="#cite_note-:12-50"><span class="cite-bracket">[</span>50<span class="cite-bracket">]</span></a></sup> The FBI said "Through our investigations we were able to confirm the Lazarus Group and APT38, cyber actors associated with [North Korea], are responsible for the theft".<sup id="cite_ref-51" class="reference"><a href="#cite_note-51"><span class="cite-bracket">[</span>51<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading3"><h3 id="June_2022_Horizon_Bridge_attack">June 2022 Horizon Bridge attack</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Lazarus_Group&action=edit&section=15" title="Edit section: June 2022 Horizon Bridge attack"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>The FBI confirmed that the North Korean malicious cyber actor group Lazarus (also known as APT38) was responsible for the theft of $100 million of virtual currency from Harmony's Horizon bridge reported on June 24, 2022.<sup id="cite_ref-52" class="reference"><a href="#cite_note-52"><span class="cite-bracket">[</span>52<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading3"><h3 id="2023_cryptocurrency_attacks">2023 cryptocurrency attacks</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Lazarus_Group&action=edit&section=16" title="Edit section: 2023 cryptocurrency attacks"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>A report published by blockchain security platform Immunefi, alleged that Lazarus was responsible for over $300 million in losses across crypto hacking incidents in 2023. 
The amount represents 17.6% of the year's total losses.<sup id="cite_ref-:12_50-1" class="reference"><a href="#cite_note-:12-50"><span class="cite-bracket">[</span>50<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading4"><h4 id="June_2023_Atomic_Wallet_attack">June 2023 Atomic Wallet attack</h4><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Lazarus_Group&action=edit&section=17" title="Edit section: June 2023 Atomic Wallet attack"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>In June 2023 over $100 million in cryptocurrency was stolen from users of the Atomic Wallet service,<sup id="cite_ref-53" class="reference"><a href="#cite_note-53"><span class="cite-bracket">[</span>53<span class="cite-bracket">]</span></a></sup> and this was later confirmed by the FBI.<sup id="cite_ref-54" class="reference"><a href="#cite_note-54"><span class="cite-bracket">[</span>54<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading4"><h4 id="September_2023_Stake.com_hack">September 2023 Stake.com hack</h4><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Lazarus_Group&action=edit&section=18" title="Edit section: September 2023 Stake.com hack"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>In September 2023 the FBI confirmed that a $41 million theft of cryptocurrency from Stake.com, an online casino and betting platform, was perpetrated by the Lazarus Group.<sup id="cite_ref-55" class="reference"><a href="#cite_note-55"><span class="cite-bracket">[</span>55<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading3"><h3 id="U.S._sanctions">U.S. sanctions</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Lazarus_Group&action=edit&section=19" title="Edit section: U.S. 
sanctions"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>On 14 April 2022, the <a href="/wiki/United_States_Department_of_the_Treasury" title="United States Department of the Treasury">US Treasury</a>'s <a href="/wiki/Office_of_Foreign_Assets_Control" title="Office of Foreign Assets Control">OFAC</a> placed Lazarus on the <a href="/wiki/Specially_Designated_Nationals_and_Blocked_Persons_List" title="Specially Designated Nationals and Blocked Persons List">SDN List</a> under North Korea Sanctions Regulations section 510.214.<sup id="cite_ref-56" class="reference"><a href="#cite_note-56"><span class="cite-bracket">[</span>56<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading3"><h3 id="2024_cryptocurrency_attack">2024 cryptocurrency attack</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Lazarus_Group&action=edit&section=20" title="Edit section: 2024 cryptocurrency attack"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>According to Indian media reports, a local cryptocurrency exchange named <a href="/wiki/2024_WazirX_hack" title="2024 WazirX hack">WazirX</a> was hacked by the group and $234.9 million worth of crypto assets have been stolen.<sup id="cite_ref-57" class="reference"><a href="#cite_note-57"><span class="cite-bracket">[</span>57<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading2"><h2 id="Education">Education</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Lazarus_Group&action=edit&section=21" title="Edit section: Education"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>North Korean hackers are sent vocationally to <a href="/wiki/Shenyang" title="Shenyang">Shenyang</a>, China for special training. 
They are trained to deploy <a href="/wiki/Malware" title="Malware">malware</a> of all types onto computers, computer networks, and servers. Education domestically includes the <a href="/wiki/Kim_Chaek_University_of_Technology" title="Kim Chaek University of Technology">Kim Chaek University of Technology</a>, <a href="/wiki/Kim_Il-sung_University" class="mw-redirect" title="Kim Il-sung University">Kim Il-sung University</a> and Moranbong University, which picks the brightest students from across the country and puts them through six years of special education.<sup id="cite_ref-:6_10-1" class="reference"><a href="#cite_note-:6-10"><span class="cite-bracket">[</span>10<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-58" class="reference"><a href="#cite_note-58"><span class="cite-bracket">[</span>58<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading2"><h2 id="Units">Units</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Lazarus_Group&action=edit&section=22" title="Edit section: Units"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>Lazarus is believed to have two units.<sup id="cite_ref-59" class="reference"><a href="#cite_note-59"><span class="cite-bracket">[</span>59<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-Treasury2019(2)_60-0" class="reference"><a href="#cite_note-Treasury2019(2)-60"><span class="cite-bracket">[</span>60<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading3"><h3 id="BlueNorOff">BlueNorOff</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Lazarus_Group&action=edit&section=23" title="Edit section: BlueNorOff"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>BlueNorOff (also known as: APT38, Stardust Chollima, BeagleBoyz, NICKEL GLADSTONE<sup id="cite_ref-HHS2021_61-0" 
class="reference"><a href="#cite_note-HHS2021-61"><span class="cite-bracket">[</span>61<span class="cite-bracket">]</span></a></sup>) is a financially motivated group responsible for illegal money transfers made by forging <a href="/wiki/Society_for_Worldwide_Interbank_Financial_Telecommunication" class="mw-redirect" title="Society for Worldwide Interbank Financial Telecommunication">SWIFT</a> orders. BlueNorOff is also called <b>APT38</b> (by <a href="/wiki/Mandiant" title="Mandiant">Mandiant</a>) and <b>Stardust Chollima</b> (by <a href="/wiki/Crowdstrike" class="mw-redirect" title="Crowdstrike">CrowdStrike</a>).<sup id="cite_ref-62" class="reference"><a href="#cite_note-62"><span class="cite-bracket">[</span>62<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-63" class="reference"><a href="#cite_note-63"><span class="cite-bracket">[</span>63<span class="cite-bracket">]</span></a></sup> </p><p>According to a 2020 report by the U.S. Army, BlueNorOff has about 1,700 members carrying out financial cybercrime by concentrating on long-term assessment and exploiting enemy network vulnerabilities and systems for financial gain for the regime or to take control of the system.<sup id="cite_ref-Army2020_64-0" class="reference"><a href="#cite_note-Army2020-64"><span class="cite-bracket">[</span>64<span class="cite-bracket">]</span></a></sup> They target financial institutions and cryptocurrency exchanges, including over 16 organizations in at least 13 countries<sup id="cite_ref-65" class="reference"><a href="#cite_note-65"><span class="cite-bracket">[</span>a<span class="cite-bracket">]</span></a></sup> between 2014 and 2021, among them Bangladesh, Chile, India, Mexico, Pakistan, the Philippines, South Korea, Taiwan, Turkey, and Vietnam. 
The revenue is believed to go towards the development of missile and nuclear technology.<sup id="cite_ref-HHS2021_61-1" class="reference"><a href="#cite_note-HHS2021-61"><span class="cite-bracket">[</span>61<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-Treasury2019(2)_60-2" class="reference"><a href="#cite_note-Treasury2019(2)-60"><span class="cite-bracket">[</span>60<span class="cite-bracket">]</span></a></sup> </p><p>BlueNorOff's most infamous attack was the 2016 <a href="/wiki/Bangladesh_Bank_robbery" title="Bangladesh Bank robbery">Bangladesh Bank robbery</a> in which they tried to use the <a href="/wiki/Society_for_Worldwide_Interbank_Financial_Telecommunication" class="mw-redirect" title="Society for Worldwide Interbank Financial Telecommunication">SWIFT network</a> to illegally transfer close to US$1 billion from the <a href="/wiki/Federal_Reserve_Bank_of_New_York" title="Federal Reserve Bank of New York">Federal Reserve Bank of New York</a> account belonging to <a href="/wiki/Bangladesh_Bank" title="Bangladesh Bank">Bangladesh Bank</a>, the central bank of Bangladesh. 
After several of the transactions went through (US$20 million traced to <a href="/wiki/Sri_Lanka" title="Sri Lanka">Sri Lanka</a> and US$81 million to the <a href="/wiki/Philippines" title="Philippines">Philippines</a>), the Federal Reserve Bank of New York blocked the remaining transactions, due to suspicions raised by a misspelling.<sup id="cite_ref-Treasury2019(2)_60-3" class="reference"><a href="#cite_note-Treasury2019(2)-60"><span class="cite-bracket">[</span>60<span class="cite-bracket">]</span></a></sup> </p><p>Malware associated with BlueNorOff include: "<a href="/wiki/DarkComet" title="DarkComet">DarkComet</a>, <a href="/wiki/Mimikatz" title="Mimikatz">Mimikatz</a>, <a href="/w/index.php?title=Nestegg&action=edit&redlink=1" class="new" title="Nestegg (page does not exist)">Nestegg</a>, <a href="/w/index.php?title=Macktruck&action=edit&redlink=1" class="new" title="Macktruck (page does not exist)">Macktruck</a>, <a href="/wiki/WannaCry_ransomware_attack" title="WannaCry ransomware attack">WannaCry</a>, <a href="/w/index.php?title=Whiteout_(malware)&action=edit&redlink=1" class="new" title="Whiteout (malware) (page does not exist)">Whiteout</a>, <a href="/w/index.php?title=Quickcafe&action=edit&redlink=1" class="new" title="Quickcafe (page does not exist)">Quickcafe</a>, <a href="/wiki/Rawhide_(computing)" class="mw-redirect" title="Rawhide (computing)">Rawhide</a>, <a href="/w/index.php?title=Smoothride&action=edit&redlink=1" class="new" title="Smoothride (page does not exist)">Smoothride</a>, <a href="/wiki/TightVNC" title="TightVNC">TightVNC</a>, <a href="/w/index.php?title=Sorrybrute&action=edit&redlink=1" class="new" title="Sorrybrute (page does not exist)">Sorrybrute</a>, <a href="/w/index.php?title=Keylime_(malware)&action=edit&redlink=1" class="new" title="Keylime (malware) (page does not exist)">Keylime</a>, <a href="/w/index.php?title=Snapshot_(malware)&action=edit&redlink=1" class="new" title="Snapshot (malware) (page does not 
exist)">Snapshot</a>, <a href="/w/index.php?title=Mapmaker_(malware)&action=edit&redlink=1" class="new" title="Mapmaker (malware) (page does not exist)">Mapmaker</a>, <a href="/wiki/Net.exe" class="mw-redirect" title="Net.exe">net.exe</a>, <a href="/wiki/Sysmon" class="mw-redirect" title="Sysmon">sysmon</a>, <a href="/w/index.php?title=Bootwreck&action=edit&redlink=1" class="new" title="Bootwreck (page does not exist)">Bootwreck</a>, <a href="/w/index.php?title=Cleantoad&action=edit&redlink=1" class="new" title="Cleantoad (page does not exist)">Cleantoad</a>, <a href="/w/index.php?title=Closeshave&action=edit&redlink=1" class="new" title="Closeshave (page does not exist)">Closeshave</a>, <a href="/wiki/Dyepack" class="mw-redirect" title="Dyepack">Dyepack</a>, <a href="/w/index.php?title=Hermes_(malware)&action=edit&redlink=1" class="new" title="Hermes (malware) (page does not exist)">Hermes</a>, <a href="/w/index.php?title=Twopence_(malware)&action=edit&redlink=1" class="new" title="Twopence (malware) (page does not exist)">Twopence</a>, <a href="/w/index.php?title=Electricfish&action=edit&redlink=1" class="new" title="Electricfish (page does not exist)">Electricfish</a>, <a href="/w/index.php?title=Powerratankba&action=edit&redlink=1" class="new" title="Powerratankba (page does not exist)">Powerratankba</a>, and <a href="/w/index.php?title=Powerspritz&action=edit&redlink=1" class="new" title="Powerspritz (page does not exist)">Powerspritz</a>"<sup id="cite_ref-HHS2021_61-2" class="reference"><a href="#cite_note-HHS2021-61"><span class="cite-bracket">[</span>61<span class="cite-bracket">]</span></a></sup> This quoted list mixes purpose-built malware with legitimate administration and monitoring tools, such as net.exe and Sysmon, so finding one of those tools on a system is not by itself a sign of compromise. </p><p>Tactics commonly used by BlueNorOff include: phishing, backdoors,<sup id="cite_ref-Treasury2019(2)_60-4" class="reference"><a href="#cite_note-Treasury2019(2)-60"><span class="cite-bracket">[</span>60<span class="cite-bracket">]</span></a></sup> drive-by compromise, <a href="/wiki/Watering_hole_attack" title="Watering hole attack">watering hole attacks</a>, 
exploitation of insecure out-of-date versions of <a href="/wiki/Apache_Struts_2" class="mw-redirect" title="Apache Struts 2">Apache Struts 2</a> to execute code on a system, strategic web compromise, and accessing Linux servers.<sup id="cite_ref-HHS2021_61-3" class="reference"><a href="#cite_note-HHS2021-61"><span class="cite-bracket">[</span>61<span class="cite-bracket">]</span></a></sup> They are reported to sometimes work together with criminal hackers.<sup id="cite_ref-66" class="reference"><a href="#cite_note-66"><span class="cite-bracket">[</span>65<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading3"><h3 id="AndAriel">AndAriel</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Lazarus_Group&action=edit&section=24" title="Edit section: AndAriel"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p><b>AndAriel</b> (also spelled Andarial,<sup id="cite_ref-Army2020_64-1" class="reference"><a href="#cite_note-Army2020-64"><span class="cite-bracket">[</span>64<span class="cite-bracket">]</span></a></sup> and also known as: Silent Chollima, Dark Seoul, Rifle, and Wassonite<sup id="cite_ref-HHS2021_61-4" class="reference"><a href="#cite_note-HHS2021-61"><span class="cite-bracket">[</span>61<span class="cite-bracket">]</span></a></sup>) is characterized by its targeting of <a href="/wiki/South_Korea" title="South Korea">South Korea</a>. AndAriel is alternatively called <b>Silent Chollima</b> because of the subgroup's stealthy nature.<sup id="cite_ref-67" class="reference"><a href="#cite_note-67"><span class="cite-bracket">[</span>66<span class="cite-bracket">]</span></a></sup> Any organization in South Korea is a potential target of AndAriel. 
Targets include government, defense, and any economic symbol.<sup id="cite_ref-68" class="reference"><a href="#cite_note-68"><span class="cite-bracket">[</span>67<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-69" class="reference"><a href="#cite_note-69"><span class="cite-bracket">[</span>68<span class="cite-bracket">]</span></a></sup> </p><p>According to a 2020 report by the U.S. Army, Andarial has about 1,600 members whose mission is reconnaissance, assessment of the network vulnerabilities, and mapping the enemy network for potential attack.<sup id="cite_ref-Army2020_64-2" class="reference"><a href="#cite_note-Army2020-64"><span class="cite-bracket">[</span>64<span class="cite-bracket">]</span></a></sup> In addition to South Korea, they also target other governments, infrastructure, and businesses. Attack vectors include: ActiveX, vulnerabilities in South Korean software, <a href="/wiki/Watering_hole_attack" title="Watering hole attack">watering hole attacks</a>, <a href="/wiki/Spear_phishing" class="mw-redirect" title="Spear phishing">spear phishing</a> (macro), IT management products (antivirus, PMS), and <a href="/wiki/Supply_chain_attack" title="Supply chain attack">supply chain</a> (installers and updaters). 
Malware used includes: <a href="/w/index.php?title=Aryan_(malware)&action=edit&redlink=1" class="new" title="Aryan (malware) (page does not exist)">Aryan</a>, <a href="/wiki/Gh0st_RAT" class="mw-redirect" title="Gh0st RAT">Gh0st RAT</a>, <a href="/w/index.php?title=Rifdoor&action=edit&redlink=1" class="new" title="Rifdoor (page does not exist)">Rifdoor</a>, <a href="/w/index.php?title=Phandoor&action=edit&redlink=1" class="new" title="Phandoor (page does not exist)">Phandoor</a>, and <a href="/w/index.php?title=Andarat&action=edit&redlink=1" class="new" title="Andarat (page does not exist)">Andarat</a>.<sup id="cite_ref-HHS2021_61-5" class="reference"><a href="#cite_note-HHS2021-61"><span class="cite-bracket">[</span>61<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading2"><h2 id="Indictments">Indictments</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Lazarus_Group&action=edit&section=25" title="Edit section: Indictments"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>In February 2021, the <a href="/wiki/United_States_Department_of_Justice" title="United States Department of Justice">US Department of Justice</a> indicted three members of the <a href="/wiki/Reconnaissance_General_Bureau" title="Reconnaissance General Bureau">Reconnaissance General Bureau</a>, a North Korean military intelligence agency, for having participated in several Lazarus hacking campaigns: <a href="/wiki/Park_Jin_Hyok" title="Park Jin Hyok">Park Jin Hyok</a>, Jon Chang Hyok and Kim Il. Park Jin Hyok had already been indicted earlier, in September 2018. The individuals are not in U.S. custody. 
A Canadian and two Chinese individuals have also been charged with having acted as <a href="/wiki/Money_mule" title="Money mule">money mules</a> and money launderers for the Lazarus group.<sup id="cite_ref-70" class="reference"><a href="#cite_note-70"><span class="cite-bracket">[</span>69<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-71" class="reference"><a href="#cite_note-71"><span class="cite-bracket">[</span>70<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading2"><h2 id="See_also">See also</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Lazarus_Group&action=edit&section=26" title="Edit section: See also"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <ul><li><a href="/wiki/Bureau_121" title="Bureau 121">Bureau 121</a></li> <li><a href="/wiki/Kimsuky" title="Kimsuky">Kimsuky</a></li> <li><a href="/wiki/North_Korea%E2%80%93United_States_relations" title="North Korea–United States relations">North Korea–United States relations</a></li> <li><a href="/wiki/Park_Jin_Hyok" title="Park Jin Hyok">Park Jin Hyok</a></li> <li><a href="/wiki/Ricochet_Chollima" title="Ricochet Chollima">Ricochet Chollima</a></li></ul> <div class="mw-heading mw-heading2"><h2 id="Notes">Notes</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Lazarus_Group&action=edit&section=27" title="Edit section: Notes"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <style data-mw-deduplicate="TemplateStyles:r1239543626">.mw-parser-output .reflist{margin-bottom:0.5em;list-style-type:decimal}@media screen{.mw-parser-output .reflist{font-size:90%}}.mw-parser-output .reflist .references{font-size:100%;margin-bottom:0;list-style-type:inherit}.mw-parser-output .reflist-columns-2{column-width:30em}.mw-parser-output .reflist-columns-3{column-width:25em}.mw-parser-output 
.reflist-columns{margin-top:0.3em}.mw-parser-output .reflist-columns ol{margin-top:0}.mw-parser-output .reflist-columns li{page-break-inside:avoid;break-inside:avoid-column}.mw-parser-output .reflist-upper-alpha{list-style-type:upper-alpha}.mw-parser-output .reflist-upper-roman{list-style-type:upper-roman}.mw-parser-output .reflist-lower-alpha{list-style-type:lower-alpha}.mw-parser-output .reflist-lower-greek{list-style-type:lower-greek}.mw-parser-output .reflist-lower-roman{list-style-type:lower-roman}</style><div class="reflist reflist-lower-alpha"> <div class="mw-references-wrap"><ol class="references"> <li id="cite_note-65"><span class="mw-cite-backlink"><b><a href="#cite_ref-65">^</a></b></span> <span class="reference-text">"according to press reports, had successfully carried out such operations against banks in Bangladesh, India, Mexico, Pakistan, Philippines, South Korea, Taiwan, Turkey, Chile, and Vietnam"<sup id="cite_ref-Treasury2019(2)_60-1" class="reference"><a href="#cite_note-Treasury2019(2)-60"><span class="cite-bracket">[</span>60<span class="cite-bracket">]</span></a></sup></span> </li> </ol></div></div> <div class="mw-heading mw-heading2"><h2 id="References">References</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Lazarus_Group&action=edit&section=28" title="Edit section: References"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1239543626"><div class="reflist reflist-columns references-column-width" style="column-width: 30em;"> <ol class="references"> <li id="cite_note-Treasury2019-1"><span class="mw-cite-backlink"><b><a href="#cite_ref-Treasury2019_1-0">^</a></b></span> <span class="reference-text"> <style data-mw-deduplicate="TemplateStyles:r1238218222">.mw-parser-output cite.citation{font-style:inherit;word-wrap:break-word}.mw-parser-output .citation 
q{quotes:"\"""\"""'""'"}.mw-parser-output .citation:target{background-color:rgba(0,127,255,0.133)}.mw-parser-output .id-lock-free.id-lock-free a{background:url("//upload.wikimedia.org/wikipedia/commons/6/65/Lock-green.svg")right 0.1em center/9px no-repeat}.mw-parser-output .id-lock-limited.id-lock-limited a,.mw-parser-output .id-lock-registration.id-lock-registration a{background:url("//upload.wikimedia.org/wikipedia/commons/d/d6/Lock-gray-alt-2.svg")right 0.1em center/9px no-repeat}.mw-parser-output .id-lock-subscription.id-lock-subscription a{background:url("//upload.wikimedia.org/wikipedia/commons/a/aa/Lock-red-alt-2.svg")right 0.1em center/9px no-repeat}.mw-parser-output .cs1-ws-icon a{background:url("//upload.wikimedia.org/wikipedia/commons/4/4c/Wikisource-logo.svg")right 0.1em center/12px no-repeat}body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-free a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-limited a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-registration a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-subscription a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .cs1-ws-icon a{background-size:contain;padding:0 1em 0 0}.mw-parser-output .cs1-code{color:inherit;background:inherit;border:none;padding:inherit}.mw-parser-output .cs1-hidden-error{display:none;color:var(--color-error,#d33)}.mw-parser-output .cs1-visible-error{color:var(--color-error,#d33)}.mw-parser-output .cs1-maint{display:none;color:#085;margin-left:0.3em}.mw-parser-output .cs1-kern-left{padding-left:0.2em}.mw-parser-output .cs1-kern-right{padding-right:0.2em}.mw-parser-output .citation .mw-selflink{font-weight:inherit}@media screen{.mw-parser-output .cs1-format{font-size:95%}html.skin-theme-clientpref-night .mw-parser-output .cs1-maint{color:#18911f}}@media screen and (prefers-color-scheme:dark){html.skin-theme-clientpref-os .mw-parser-output 
.cs1-maint{color:#18911f}}</style><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://home.treasury.gov/policy-issues/financial-sanctions/recent-actions/20190913">"North Korea Designations; Global Magnitsky Designation"</a>. <i>U.S. Department of the Treasury</i>. 2019. <q>LAZARUS GROUP (a.k.a. "APPLEWORM"; a.k.a. "APT-C-26"; a.k.a. "GROUP 77"; a.k.a. "GUARDIANS OF PEACE"; a.k.a. "HIDDEN COBRA"; a.k.a. "OFFICE 91"; a.k.a. "RED DOT"; a.k.a. "TEMP.HERMIT"; a.k.a. "THE NEW ROMANTIC CYBER ARMY TEAM"; a.k.a. "WHOIS HACKING TEAM"; a.k.a. "ZINC"), Potonggang District...</q></cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=U.S.+Department+of+the+Treasury&rft.atitle=North+Korea+Designations%3B+Global+Magnitsky+Designation&rft.date=2019&rft_id=https%3A%2F%2Fhome.treasury.gov%2Fpolicy-issues%2Ffinancial-sanctions%2Frecent-actions%2F20190913&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-2"><span class="mw-cite-backlink"><b><a href="#cite_ref-2">^</a></b></span> <span class="reference-text"> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://docs.rapid7.com/insightidr/lazarus-group/">"Lazarus Group | InsightIDR Documentation"</a>. <i>Rapid7</i>. 
<q>Andariel, Appleworm, APT-C-26, APT38, Bluenoroff, Bureau 121, COVELLITE, Dark Seoul, GOP, Group 77, Guardian of Peace, Guardians of Peace, Hastati Group, HIDDEN COBRA, Labyrinth Chollima, Lazarus, NewRomantic Cyber Army Team, NICKEL ACADEMY, Operation AppleJesus, Operation DarkSeoul, Operation GhostSecret, Operation Troy, Silent Chollima, Subgroup: Andariel, Subgroup: Bluenoroff, Unit 121, Whois Hacking Team, WHOis Team, ZINC</q></cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Rapid7&rft.atitle=Lazarus+Group+%7C+InsightIDR+Documentation&rft_id=https%3A%2F%2Fdocs.rapid7.com%2Finsightidr%2Flazarus-group%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-3"><span class="mw-cite-backlink"><b><a href="#cite_ref-3">^</a></b></span> <span class="reference-text"> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.secureworks.com/research/threat-profiles/nickel-academy">"NICKEL ACADEMY | Secureworks"</a>. <i>secureworks.com</i>. <q>Black Artemis (PWC), COVELLITE (Dragos), CTG-2460 (SCWX CTU), Dark Seoul, Guardians of Peace, HIDDEN COBRA (U.S. 
Government), High Anonymous, Labyrinth Chollima (CrowdStrike), New Romanic Cyber Army Team, NNPT Group, The Lazarus Group, Who Am I?, Whois Team, ZINC (Microsoft)</q></cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=secureworks.com&rft.atitle=NICKEL+ACADEMY+%7C+Secureworks&rft_id=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Fthreat-profiles%2Fnickel-academy&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-CERT2017-4"><span class="mw-cite-backlink"><b><a href="#cite_ref-CERT2017_4-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://us-cert.cisa.gov/ncas/alerts/TA17-164A">"HIDDEN COBRA – North Korea's DDoS Botnet Infrastructure | CISA"</a>. <i>us-cert.cisa.gov</i>. CISA. 2017.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=us-cert.cisa.gov&rft.atitle=HIDDEN+COBRA+%E2%80%93+North+Korea%27s+DDoS+Botnet+Infrastructure+%7C+CISA&rft.date=2017&rft_id=https%3A%2F%2Fus-cert.cisa.gov%2Fncas%2Falerts%2FTA17-164A&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-MITRE-5"><span class="mw-cite-backlink"><b><a href="#cite_ref-MITRE_5-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://attack.mitre.org/groups/G0032/">"Lazarus Group, HIDDEN COBRA, Guardians of Peace, ZINC, NICKEL ACADEMY, Group G0032 | MITRE ATT&CK®"</a>. <i>MITRE ATT&CK</i>. 
MITRE Corporation.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=MITRE+ATT%26CK&rft.atitle=Lazarus+Group%2C+HIDDEN+COBRA%2C+Guardians+of+Peace%2C+ZINC%2C+NICKEL+ACADEMY%2C+Group+G0032+%7C+MITRE+ATT%26CK%C2%AE&rft_id=https%3A%2F%2Fattack.mitre.org%2Fgroups%2FG0032%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-ms-threat-actors-24-6"><span class="mw-cite-backlink"><b><a href="#cite_ref-ms-threat-actors-24_6-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming">"How Microsoft names threat actors"</a>. Microsoft<span class="reference-accessdate">. Retrieved <span class="nowrap">21 January</span> 2024</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=How+Microsoft+names+threat+actors&rft.pub=Microsoft&rft_id=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fintelligence%2Fmicrosoft-threat-actor-naming&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-7"><span class="mw-cite-backlink"><b><a href="#cite_ref-7">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://blogs.microsoft.com/on-the-issues/2017/12/19/microsoft-facebook-disrupt-zinc-malware-attack-protect-customers-internet-ongoing-cyberthreats/">"Microsoft and Facebook disrupt ZINC malware attack to protect customers and the internet from ongoing cyberthreats"</a>. <i>Microsoft on the Issues</i>. 
2017-12-19<span class="reference-accessdate">. Retrieved <span class="nowrap">2019-08-16</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Microsoft+on+the+Issues&rft.atitle=Microsoft+and+Facebook+disrupt+ZINC+malware+attack+to+protect+customers+and+the+internet+from+ongoing+cyberthreats&rft.date=2017-12-19&rft_id=https%3A%2F%2Fblogs.microsoft.com%2Fon-the-issues%2F2017%2F12%2F19%2Fmicrosoft-facebook-disrupt-zinc-malware-attack-protect-customers-internet-ongoing-cyberthreats%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-8"><span class="mw-cite-backlink"><b><a href="#cite_ref-8">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.itpro.co.uk/go/33609">"FBI thwarts Lazarus-linked North Korean surveillance malware"</a>. <i>IT PRO</i>. 13 May 2019<span class="reference-accessdate">. Retrieved <span class="nowrap">2019-08-16</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=IT+PRO&rft.atitle=FBI+thwarts+Lazarus-linked+North+Korean+surveillance+malware&rft.date=2019-05-13&rft_id=https%3A%2F%2Fwww.itpro.co.uk%2Fgo%2F33609&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-recorded-9"><span class="mw-cite-backlink"><b><a href="#cite_ref-recorded_9-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFGuerrero-SaadeMoriuchi2018" class="citation news cs1">Guerrero-Saade, Juan Andres; Moriuchi, Priscilla (January 16, 2018). 
<a rel="nofollow" class="external text" href="https://web.archive.org/web/20180116170903/https://www.recordedfuture.com/north-korea-cryptocurrency-campaign/">"North Korea Targeted South Korean Cryptocurrency Users and Exchange in Late 2017 Campaign"</a>. <a href="/wiki/Recorded_Future" title="Recorded Future">Recorded Future</a>. Archived from <a rel="nofollow" class="external text" href="https://www.recordedfuture.com/north-korea-cryptocurrency-campaign/">the original</a> on January 16, 2018.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=North+Korea+Targeted+South+Korean+Cryptocurrency+Users+and+Exchange+in+Late+2017+Campaign&rft.date=2018-01-16&rft.aulast=Guerrero-Saade&rft.aufirst=Juan+Andres&rft.au=Moriuchi%2C+Priscilla&rft_id=https%3A%2F%2Fwww.recordedfuture.com%2Fnorth-korea-cryptocurrency-campaign%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-:6-10"><span class="mw-cite-backlink">^ <a href="#cite_ref-:6_10-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-:6_10-1"><sup><i><b>b</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation news cs1"><a rel="nofollow" class="external text" href="https://www.bbc.com/news/world-asia-58838834">"Drugs, arms, and terror: A high-profile defector on Kim's North Korea"</a>. <i>BBC News</i>. 2021-10-10<span class="reference-accessdate">. 
Retrieved <span class="nowrap">2021-10-11</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=BBC+News&rft.atitle=Drugs%2C+arms%2C+and+terror%3A+A+high-profile+defector+on+Kim%27s+North+Korea&rft.date=2021-10-10&rft_id=https%3A%2F%2Fwww.bbc.com%2Fnews%2Fworld-asia-58838834&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-11"><span class="mw-cite-backlink"><b><a href="#cite_ref-11">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.cyberpolicy.com/cybersecurity-education/who-is-lazarus-north-koreas-newest-cybercrime-collective">"Who is Lazarus? North Korea's Newest Cybercrime Collective"</a>. <i>www.cyberpolicy.com</i><span class="reference-accessdate">. Retrieved <span class="nowrap">2020-08-26</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=www.cyberpolicy.com&rft.atitle=Who+is+Lazarus%3F+North+Korea%27s+Newest+Cybercrime+Collective&rft_id=https%3A%2F%2Fwww.cyberpolicy.com%2Fcybersecurity-education%2Fwho-is-lazarus-north-koreas-newest-cybercrime-collective&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-12"><span class="mw-cite-backlink"><b><a href="#cite_ref-12">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFBeedham2020" class="citation web cs1">Beedham, Matthew (2020-01-09). <a rel="nofollow" class="external text" href="https://thenextweb.com/hardfork/2020/01/09/north-korea-hacker-group-lazarus-telegram-steal-cryptocurrency-bitcoin/">"North Korean hacker group Lazarus is using Telegram to steal cryptocurrency"</a>. 
<i>Hard Fork | The Next Web</i><span class="reference-accessdate">. Retrieved <span class="nowrap">2020-08-26</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Hard+Fork+%7C+The+Next+Web&rft.atitle=North+Korean+hacker+group+Lazarus+is+using+Telegram+to+steal+cryptocurrency&rft.date=2020-01-09&rft.aulast=Beedham&rft.aufirst=Matthew&rft_id=https%3A%2F%2Fthenextweb.com%2Fhardfork%2F2020%2F01%2F09%2Fnorth-korea-hacker-group-lazarus-telegram-steal-cryptocurrency-bitcoin%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-:11-13"><span class="mw-cite-backlink">^ <a href="#cite_ref-:11_13-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-:11_13-1"><sup><i><b>b</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.justice.gov/opa/pr/north-korean-regime-backed-programmer-charged-conspiracy-conduct-multiple-cyber-attacks-and">"North Korean Regime-Backed Programmer Charged With Conspiracy to Conduct Multiple Cyber Attacks and Intrusions"</a>. <i>www.justice.gov</i>. 2018-09-06<span class="reference-accessdate">. 
Retrieved <span class="nowrap">2022-01-14</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=www.justice.gov&rft.atitle=North+Korean+Regime-Backed+Programmer+Charged+With+Conspiracy+to+Conduct+Multiple+Cyber+Attacks+and+Intrusions&rft.date=2018-09-06&rft_id=https%3A%2F%2Fwww.justice.gov%2Fopa%2Fpr%2Fnorth-korean-regime-backed-programmer-charged-conspiracy-conduct-multiple-cyber-attacks-and&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-14"><span class="mw-cite-backlink"><b><a href="#cite_ref-14">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.bbc.co.uk/programmes/p09m14pt">"BBC World Service - The Lazarus Heist, 10. Kill switch"</a>. <i>BBC</i>. 20 June 2021<span class="reference-accessdate">. Retrieved <span class="nowrap">2022-04-21</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=BBC&rft.atitle=BBC+World+Service+-+The+Lazarus+Heist%2C+10.+Kill+switch&rft.date=2021-06-20&rft_id=https%3A%2F%2Fwww.bbc.co.uk%2Fprogrammes%2Fp09m14pt&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-15"><span class="mw-cite-backlink"><b><a href="#cite_ref-15">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://www.dailydot.com/politics/sony-hack-lazarus-group-operation-blockbuster-report/">"Security researchers say mysterious 'Lazarus Group' hacked Sony in 2014"</a>. <i>The Daily Dot</i>. 24 February 2016<span class="reference-accessdate">. 
Retrieved <span class="nowrap">2016-02-29</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=The+Daily+Dot&rft.atitle=Security+researchers+say+mysterious+%27Lazarus+Group%27+hacked+Sony+in+2014&rft.date=2016-02-24&rft_id=http%3A%2F%2Fwww.dailydot.com%2Fpolitics%2Fsony-hack-lazarus-group-operation-blockbuster-report%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-16"><span class="mw-cite-backlink"><b><a href="#cite_ref-16">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=8ae1ff71-e440-4b79-9943-199d0adb43fc&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments">"SWIFT attackers' malware linked to more financial attacks"</a>. <i>Symantec</i>. 2016-05-26<span class="reference-accessdate">. 
Retrieved <span class="nowrap">2017-10-19</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Symantec&rft.atitle=SWIFT+attackers%27+malware+linked+to+more+financial+attacks&rft.date=2016-05-26&rft_id=https%3A%2F%2Fcommunity.broadcom.com%2Fsymantecenterprise%2Fcommunities%2Fcommunity-home%2Flibrarydocuments%2Fviewdocument%3FDocumentKey%3D8ae1ff71-e440-4b79-9943-199d0adb43fc%26CommunityKey%3D1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68%26tab%3Dlibrarydocuments&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-:1-17"><span class="mw-cite-backlink">^ <a href="#cite_ref-:1_17-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-:1_17-1"><sup><i><b>b</b></i></sup></a> <a href="#cite_ref-:1_17-2"><sup><i><b>c</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFAshok2017" class="citation news cs1">Ashok, India (2017-10-17). <a rel="nofollow" class="external text" href="http://www.ibtimes.co.uk/lazarus-north-korean-hackers-suspected-have-stolen-millions-taiwan-bank-cyberheist-1643408">"Lazarus: North Korean hackers suspected to have stolen millions in Taiwan bank cyberheist"</a>. <i>International Business Times UK</i><span class="reference-accessdate">. 
Retrieved <span class="nowrap">2017-10-19</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=International+Business+Times+UK&rft.atitle=Lazarus%3A+North+Korean+hackers+suspected+to+have+stolen+millions+in+Taiwan+bank+cyberheist&rft.date=2017-10-17&rft.aulast=Ashok&rft.aufirst=India&rft_id=http%3A%2F%2Fwww.ibtimes.co.uk%2Flazarus-north-korean-hackers-suspected-have-stolen-millions-taiwan-bank-cyberheist-1643408&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-:0-18"><span class="mw-cite-backlink"><b><a href="#cite_ref-:0_18-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://baesystemsai.blogspot.co.uk/2016/04/two-bytes-to-951m.html">"Two bytes to $951m"</a>. <i>baesystemsai.blogspot.co.uk</i><span class="reference-accessdate">. Retrieved <span class="nowrap">2017-05-15</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=baesystemsai.blogspot.co.uk&rft.atitle=Two+bytes+to+%24951m&rft_id=http%3A%2F%2Fbaesystemsai.blogspot.co.uk%2F2016%2F04%2Ftwo-bytes-to-951m.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-19"><span class="mw-cite-backlink"><b><a href="#cite_ref-19">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation news cs1"><a rel="nofollow" class="external text" href="https://www.telegraph.co.uk/technology/2017/05/15/north-korea-linked-global-cyber-attack-experts-examine-ransomware/">"Cyber attacks linked to North Korea, security experts claim"</a>. <i>The Telegraph</i>. 2017-05-16<span class="reference-accessdate">. 
Retrieved <span class="nowrap">2017-05-16</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=The+Telegraph&rft.atitle=Cyber+attacks+linked+to+North+Korea%2C+security+experts+claim&rft.date=2017-05-16&rft_id=https%3A%2F%2Fwww.telegraph.co.uk%2Ftechnology%2F2017%2F05%2F15%2Fnorth-korea-linked-global-cyber-attack-experts-examine-ransomware%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-20"><span class="mw-cite-backlink"><b><a href="#cite_ref-20">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFSolon2017" class="citation news cs1">Solon, Olivia (2017-05-15). <a rel="nofollow" class="external text" href="https://www.theguardian.com/technology/2017/may/15/wannacry-ransomware-north-korea-lazarus-group">"WannaCry ransomware has links to North Korea, cybersecurity experts say"</a>. <i>The Guardian</i>. <a href="/wiki/ISSN_(identifier)" class="mw-redirect" title="ISSN (identifier)">ISSN</a> <a rel="nofollow" class="external text" href="https://search.worldcat.org/issn/0261-3077">0261-3077</a><span class="reference-accessdate">. 
Retrieved <span class="nowrap">2017-05-16</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=The+Guardian&rft.atitle=WannaCry+ransomware+has+links+to+North+Korea%2C+cybersecurity+experts+say&rft.date=2017-05-15&rft.issn=0261-3077&rft.aulast=Solon&rft.aufirst=Olivia&rft_id=https%3A%2F%2Fwww.theguardian.com%2Ftechnology%2F2017%2Fmay%2F15%2Fwannacry-ransomware-north-korea-lazarus-group&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-21"><span class="mw-cite-backlink"><b><a href="#cite_ref-21">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFGReAT_–_Kaspersky_Lab's_Global_Research_&_Analysis_Team2017" class="citation web cs1">GReAT – Kaspersky Lab's Global Research & Analysis Team (2017-03-03). <a rel="nofollow" class="external text" href="https://securelist.com/blog/sas/77908/lazarus-under-the-hood/">"Lazarus Under The Hood"</a>. <i>Securelist</i><span class="reference-accessdate">. 
Retrieved <span class="nowrap">2017-05-16</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Securelist&rft.atitle=Lazarus+Under+The+Hood&rft.date=2017-03-03&rft.au=GReAT+%E2%80%93+Kaspersky+Lab%27s+Global+Research+%26+Analysis+Team&rft_id=https%3A%2F%2Fsecurelist.com%2Fblog%2Fsas%2F77908%2Flazarus-under-the-hood%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-22"><span class="mw-cite-backlink"><b><a href="#cite_ref-22">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFThe_WannaCry_Ransomware_Has_a_Link_to_Suspected_North_Korean_Hackers2017" class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.wired.com/2017/05/wannacry-ransomware-link-suspected-north-korean-hackers/">"The WannaCry Ransomware Has a Link to Suspected North Korean Hackers"</a>. <i>WIRED</i>. 2017-03-03<span class="reference-accessdate">. 
Retrieved <span class="nowrap">2017-05-16</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Securelist&rft.atitle=The+Wired&rft.date=2017-03-03&rft.au=The+WannaCry+Ransomware+Has+a+Link+to+Suspected+North+Korean+Hackers&rft_id=https%3A%2F%2Fwww.wired.com%2F2017%2F05%2Fwannacry-ransomware-link-suspected-north-korean-hackers%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-23"><span class="mw-cite-backlink"><b><a href="#cite_ref-23">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation news cs1"><a rel="nofollow" class="external text" href="https://www.bbc.co.uk/news/technology-40010996">"More evidence for WannaCry 'link' to North Korean hackers"</a>. <i>BBC News</i>. 2017-05-23<span class="reference-accessdate">. Retrieved <span class="nowrap">2017-05-23</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=BBC+News&rft.atitle=More+evidence+for+WannaCry+%27link%27+to+North+Korean+hackers&rft.date=2017-05-23&rft_id=https%3A%2F%2Fwww.bbc.co.uk%2Fnews%2Ftechnology-40010996&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-24"><span class="mw-cite-backlink"><b><a href="#cite_ref-24">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation magazine cs1"><a rel="nofollow" class="external text" href="https://www.wired.com/2016/02/sony-hackers-causing-mayhem-years-hit-company/#slide-3">"The Sony Hackers Were Causing Mayhem Years Before They Hit the Company"</a>. <i>WIRED</i><span class="reference-accessdate">. 
Retrieved <span class="nowrap">2016-03-01</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=WIRED&rft.atitle=The+Sony+Hackers+Were+Causing+Mayhem+Years+Before+They+Hit+the+Company&rft_id=https%3A%2F%2Fwww.wired.com%2F2016%2F02%2Fsony-hackers-causing-mayhem-years-hit-company%2F%23slide-3&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-25"><span class="mw-cite-backlink"><b><a href="#cite_ref-25">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation magazine cs1"><a rel="nofollow" class="external text" href="https://www.wired.com/2014/12/sony-hack-what-we-know/">"Sony Got Hacked Hard: What We Know and Don't Know So Far"</a>. <i>WIRED</i><span class="reference-accessdate">. Retrieved <span class="nowrap">2016-03-01</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=WIRED&rft.atitle=Sony+Got+Hacked+Hard%3A+What+We+Know+and+Don%27t+Know+So+Far&rft_id=https%3A%2F%2Fwww.wired.com%2F2014%2F12%2Fsony-hack-what-we-know%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-26"><span class="mw-cite-backlink"><b><a href="#cite_ref-26">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20160304042516/https://www.riskbasedsecurity.com/2014/12/a-breakdown-and-analysis-of-the-december-2014-sony-hack/">"A Breakdown and Analysis of the December, 2014 Sony Hack"</a>. <i>www.riskbasedsecurity.com</i>. 5 December 2014. 
Archived from <a rel="nofollow" class="external text" href="https://www.riskbasedsecurity.com/2014/12/a-breakdown-and-analysis-of-the-december-2014-sony-hack/">the original</a> on 2016-03-04<span class="reference-accessdate">. Retrieved <span class="nowrap">2016-03-01</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=www.riskbasedsecurity.com&rft.atitle=A+Breakdown+and+Analysis+of+the+December%2C+2014+Sony+Hack&rft.date=2014-12-05&rft_id=https%3A%2F%2Fwww.riskbasedsecurity.com%2F2014%2F12%2Fa-breakdown-and-analysis-of-the-december-2014-sony-hack%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-27"><span class="mw-cite-backlink"><b><a href="#cite_ref-27">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFVan_Buskirk2016" class="citation news cs1">Van Buskirk, Peter (2016-03-01). <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170707111936/http://www.novetta.com/2016/03/five-reasons-why-operation-blockbuster-matters/">"Five Reasons Why Operation Blockbuster Matters"</a>. <i>Novetta</i>. Archived from <a rel="nofollow" class="external text" href="http://www.novetta.com/2016/03/five-reasons-why-operation-blockbuster-matters/">the original</a> on 2017-07-07<span class="reference-accessdate">. 
Retrieved <span class="nowrap">2017-05-16</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Novetta&rft.atitle=Five+Reasons+Why+Operation+Blockbuster+Matters&rft.date=2016-03-01&rft.aulast=Van+Buskirk&rft.aufirst=Peter&rft_id=http%3A%2F%2Fwww.novetta.com%2F2016%2F03%2Ffive-reasons-why-operation-blockbuster-matters%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-28"><span class="mw-cite-backlink"><b><a href="#cite_ref-28">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20180127204955/http://www.novetta.com/2016/02/novetta-exposes-depth-of-sony-pictures-attack/">"Novetta Exposes Depth of Sony Pictures Attack — Novetta"</a>. 24 February 2016. Archived from <a rel="nofollow" class="external text" href="http://www.novetta.com/2016/02/novetta-exposes-depth-of-sony-pictures-attack/">the original</a> on 27 January 2018<span class="reference-accessdate">. 
Retrieved <span class="nowrap">19 June</span> 2016</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Novetta+Exposes+Depth+of+Sony+Pictures+Attack+%E2%80%94+Novetta&rft.date=2016-02-24&rft_id=http%3A%2F%2Fwww.novetta.com%2F2016%2F02%2Fnovetta-exposes-depth-of-sony-pictures-attack%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-29"><span class="mw-cite-backlink"><b><a href="#cite_ref-29">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20160901174007/http://www.kaspersky.com/about/news/virus/2016/Kaspersky-Lab-helps-to-disrupt-activity-of-Lazarus-Group-responsible-for-multiple-devastating-cyber-attacks">"Kaspersky Lab helps to disrupt the activity of the Lazarus Group responsible for multiple devastating cyber-attacks | Kaspersky Lab"</a>. <i>www.kaspersky.com</i>. Archived from <a rel="nofollow" class="external text" href="http://www.kaspersky.com/about/news/virus/2016/Kaspersky-Lab-helps-to-disrupt-activity-of-Lazarus-Group-responsible-for-multiple-devastating-cyber-attacks">the original</a> on 2016-09-01<span class="reference-accessdate">. 
Retrieved <span class="nowrap">2016-02-29</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=www.kaspersky.com&rft.atitle=Kaspersky+Lab+helps+to+disrupt+the+activity+of+the+Lazarus+Group+responsible+for+multiple+devastating+cyber-attacks+%7C+Kaspersky+Lab&rft_id=http%3A%2F%2Fwww.kaspersky.com%2Fabout%2Fnews%2Fvirus%2F2016%2FKaspersky-Lab-helps-to-disrupt-activity-of-Lazarus-Group-responsible-for-multiple-devastating-cyber-attacks&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-30"><span class="mw-cite-backlink"><b><a href="#cite_ref-30">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFSchram2016" class="citation news cs1">Schram, Jamie (22 March 2016). <a rel="nofollow" class="external text" href="https://nypost.com/2016/03/22/congresswoman-wants-probe-of-brazen-81m-theft-from-new-york-fed/">"Congresswoman wants probe of 'brazen' $81M theft from New York Fed"</a>. <i>New York Post</i>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=New+York+Post&rft.atitle=Congresswoman+wants+probe+of+%27brazen%27+%2481M+theft+from+New+York+Fed&rft.date=2016-03-22&rft.aulast=Schram&rft.aufirst=Jamie&rft_id=https%3A%2F%2Fnypost.com%2F2016%2F03%2F22%2Fcongresswoman-wants-probe-of-brazen-81m-theft-from-new-york-fed%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-31"><span class="mw-cite-backlink"><b><a href="#cite_ref-31">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFShapiro2023" class="citation book cs1"><a href="/wiki/Scott_J._Shapiro" title="Scott J. Shapiro">Shapiro, Scott</a> (2023). 
<i>Fancy Bear Goes Phishing: The dark history of the information age, in five extraordinary hacks</i> (1st ed.). New York: Farrar, Straus and Giroux. p. 316. <a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/978-0-374-60117-1" title="Special:BookSources/978-0-374-60117-1"><bdi>978-0-374-60117-1</bdi></a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Fancy+Bear+Goes+Phishing%3A+The+dark+history+of+the+information+age%2C+in+five+extraordinary+hacks&rft.place=New+York&rft.pages=316&rft.edition=1st&rft.pub=Farrar%2C+Straus+and+Giroux&rft.date=2023&rft.isbn=978-0-374-60117-1&rft.aulast=Shapiro&rft.aufirst=Scott&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-32"><span class="mw-cite-backlink"><b><a href="#cite_ref-32">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation news cs1"><a rel="nofollow" class="external text" href="https://www.thedailystar.net/business/banking/cybercriminal-lazarus-group-hacked-bangladesh-bank-1393522">"Cybercriminal Lazarus group hacked Bangladesh Bank"</a>. <i>thedailystar.net</i>. April 20, 2017<span class="reference-accessdate">. 
Retrieved <span class="nowrap">13 May</span> 2021</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=thedailystar.net&rft.atitle=Cybercriminal+Lazarus+group+hacked+Bangladesh+Bank&rft.date=2017-04-20&rft_id=https%3A%2F%2Fwww.thedailystar.net%2Fbusiness%2Fbanking%2Fcybercriminal-lazarus-group-hacked-bangladesh-bank-1393522&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-33"><span class="mw-cite-backlink"><b><a href="#cite_ref-33">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation news cs1"><a rel="nofollow" class="external text" href="https://www.finextra.com/newsarticle/32623/us-charges-north-korean-over-bangladesh-bank-hack">"US charges North Korean over Bangladesh Bank hack"</a>. <i>finextra.com</i>. 6 September 2018<span class="reference-accessdate">. Retrieved <span class="nowrap">13 May</span> 2021</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=finextra.com&rft.atitle=US+charges+North+Korean+over+Bangladesh+Bank+hack&rft.date=2018-09-06&rft_id=https%3A%2F%2Fwww.finextra.com%2Fnewsarticle%2F32623%2Fus-charges-north-korean-over-bangladesh-bank-hack&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-34"><span class="mw-cite-backlink"><b><a href="#cite_ref-34">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.techtarget.com/searchsecurity/answer/Detecting-and-defending-against-TCP-port-445-attacks">"How to defend against TCP port 445 and other SMB exploits"</a>. <i>SearchSecurity</i><span class="reference-accessdate">. 
Retrieved <span class="nowrap">2022-01-14</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=SearchSecurity&rft.atitle=How+to+defend+against+TCP+port+445+and+other+SMB+exploits&rft_id=https%3A%2F%2Fwww.techtarget.com%2Fsearchsecurity%2Fanswer%2FDetecting-and-defending-against-TCP-port-445-attacks&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-35"><span class="mw-cite-backlink"><b><a href="#cite_ref-35">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFStorm2016" class="citation web cs1">Storm, Darlene (2016-04-13). <a rel="nofollow" class="external text" href="https://www.computerworld.com/article/3055488/cryptoworms-the-future-of-ransomware-hell.html">"Cryptoworms: The future of ransomware hell"</a>. <i>Computerworld</i><span class="reference-accessdate">. 
Retrieved <span class="nowrap">2022-01-14</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Computerworld&rft.atitle=Cryptoworms%3A+The+future+of+ransomware+hell&rft.date=2016-04-13&rft.aulast=Storm&rft.aufirst=Darlene&rft_id=https%3A%2F%2Fwww.computerworld.com%2Farticle%2F3055488%2Fcryptoworms-the-future-of-ransomware-hell.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-:7-36"><span class="mw-cite-backlink">^ <a href="#cite_ref-:7_36-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-:7_36-1"><sup><i><b>b</b></i></sup></a> <a href="#cite_ref-:7_36-2"><sup><i><b>c</b></i></sup></a> <a href="#cite_ref-:7_36-3"><sup><i><b>d</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation cs2"><a rel="nofollow" class="external text" href="https://open.spotify.com/episode/2WDSJuSjQR8iN0dvnY9q56"><i>10. Kill switch</i></a>, 2021-06-20<span class="reference-accessdate">, retrieved <span class="nowrap">2022-01-14</span></span></cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=10.+Kill+switch&rft.date=2021-06-20&rft_id=https%3A%2F%2Fopen.spotify.com%2Fepisode%2F2WDSJuSjQR8iN0dvnY9q56&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-:2-37"><span class="mw-cite-backlink">^ <a href="#cite_ref-:2_37-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-:2_37-1"><sup><i><b>b</b></i></sup></a> <a href="#cite_ref-:2_37-2"><sup><i><b>c</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFAl_Ali2018" class="citation news cs1">Al Ali, Nour (2018-01-16). 
<a rel="nofollow" class="external text" href="https://www.bloomberg.com/news/articles/2018-01-16/north-korean-hacker-group-seen-behind-crypto-attack-in-south">"North Korean Hacker Group Seen Behind Crypto Attack in South"</a>. <i>Bloomberg.com</i><span class="reference-accessdate">. Retrieved <span class="nowrap">2018-01-17</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Bloomberg.com&rft.atitle=North+Korean+Hacker+Group+Seen+Behind+Crypto+Attack+in+South&rft.date=2018-01-16&rft.aulast=Al+Ali&rft.aufirst=Nour&rft_id=https%3A%2F%2Fwww.bloomberg.com%2Fnews%2Farticles%2F2018-01-16%2Fnorth-korean-hacker-group-seen-behind-crypto-attack-in-south&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-:3-38"><span class="mw-cite-backlink">^ <a href="#cite_ref-:3_38-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-:3_38-1"><sup><i><b>b</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFKharpal2018" class="citation news cs1">Kharpal, Arjun (2018-01-17). <a rel="nofollow" class="external text" href="https://www.cnbc.com/2018/01/17/north-korea-hackers-linked-to-cryptocurrency-cyberattack-on-south-korea.html">"North Korea government-backed hackers are trying to steal cryptocurrency from South Korean users"</a>. <i>CNBC</i><span class="reference-accessdate">. 
Retrieved <span class="nowrap">2018-01-17</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=CNBC&rft.atitle=North+Korea+government-backed+hackers+are+trying+to+steal+cryptocurrency+from+South+Korean+users&rft.date=2018-01-17&rft.aulast=Kharpal&rft.aufirst=Arjun&rft_id=https%3A%2F%2Fwww.cnbc.com%2F2018%2F01%2F17%2Fnorth-korea-hackers-linked-to-cryptocurrency-cyberattack-on-south-korea.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-:4-39"><span class="mw-cite-backlink">^ <a href="#cite_ref-:4_39-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-:4_39-1"><sup><i><b>b</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFMascarenhas2018" class="citation news cs1">Mascarenhas, Hyacinth (2018-01-17). <a rel="nofollow" class="external text" href="http://www.ibtimes.co.uk/lazarus-north-korean-hackers-linked-sony-hack-were-behind-cryptocurrency-attacks-south-korea-1655467">"Lazarus: North Korean hackers linked to Sony hack were behind cryptocurrency attacks in South Korea"</a>. <i>International Business Times UK</i><span class="reference-accessdate">. 
Retrieved <span class="nowrap">2018-01-17</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=International+Business+Times+UK&rft.atitle=Lazarus%3A+North+Korean+hackers+linked+to+Sony+hack+were+behind+cryptocurrency+attacks+in+South+Korea&rft.date=2018-01-17&rft.aulast=Mascarenhas&rft.aufirst=Hyacinth&rft_id=http%3A%2F%2Fwww.ibtimes.co.uk%2Flazarus-north-korean-hackers-linked-sony-hack-were-behind-cryptocurrency-attacks-south-korea-1655467&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-40"><span class="mw-cite-backlink"><b><a href="#cite_ref-40">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFLimitone2018" class="citation news cs1">Limitone, Julia (2018-01-17). <a rel="nofollow" class="external text" href="http://www.foxbusiness.com/markets/2018/01/17/bitcoin-cryptocurrencies-targeted-by-north-korean-hackers-report-reveals.html">"Bitcoin, cryptocurrencies targeted by North Korean hackers, report reveals"</a>. <i>Fox Business</i><span class="reference-accessdate">. 
Retrieved <span class="nowrap">2018-01-17</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Fox+Business&rft.atitle=Bitcoin%2C+cryptocurrencies+targeted+by+North+Korean+hackers%2C+report+reveals&rft.date=2018-01-17&rft.aulast=Limitone&rft.aufirst=Julia&rft_id=http%3A%2F%2Fwww.foxbusiness.com%2Fmarkets%2F2018%2F01%2F17%2Fbitcoin-cryptocurrencies-targeted-by-north-korean-hackers-report-reveals.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-41"><span class="mw-cite-backlink"><b><a href="#cite_ref-41">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFAshford2018" class="citation news cs1">Ashford, Warwick (2018-01-17). <a rel="nofollow" class="external text" href="http://www.computerweekly.com/news/450433324/North-Korean-hackers-tied-to-cryptocurrency-attacks-in-South-Korea">"North Korean hackers tied to cryptocurrency attacks in South Korea"</a>. <i>Computer Weekly</i><span class="reference-accessdate">. 
Retrieved <span class="nowrap">2018-01-17</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Computer+Weekly&rft.atitle=North+Korean+hackers+tied+to+cryptocurrency+attacks+in+South+Korea&rft.date=2018-01-17&rft.aulast=Ashford&rft.aufirst=Warwick&rft_id=http%3A%2F%2Fwww.computerweekly.com%2Fnews%2F450433324%2FNorth-Korean-hackers-tied-to-cryptocurrency-attacks-in-South-Korea&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-42"><span class="mw-cite-backlink"><b><a href="#cite_ref-42">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation news cs1"><a rel="nofollow" class="external text" href="https://www.straitstimes.com/asia/east-asia/south-korean-crypto-exchange-files-for-bankruptcy-after-hack">"South Korean crypto exchange files for bankruptcy after hack"</a>. <i>The Straits Times</i>. 2017-12-20<span class="reference-accessdate">. 
Retrieved <span class="nowrap">2018-01-17</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=The+Straits+Times&rft.atitle=South+Korean+crypto+exchange+files+for+bankruptcy+after+hack&rft.date=2017-12-20&rft_id=http%3A%2F%2Fwww.straitstimes.com%2Fasia%2Feast-asia%2Fsouth-korean-crypto-exchange-files-for-bankruptcy-after-hack&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-43"><span class="mw-cite-backlink"><b><a href="#cite_ref-43">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20180118011137/https://www.msn.com/en-us/money/markets/bitcoin-exchanges-targeted-by-north-korean-hackers-analysts-say/ar-BBH3peF?li=AAb280R">"Bitcoin exchanges targeted by North Korean hackers, analysts say"</a>. <i>MSN Money</i>. 2017-12-21. Archived from <a rel="nofollow" class="external text" href="https://www.msn.com/en-us/money/markets/bitcoin-exchanges-targeted-by-north-korean-hackers-analysts-say/ar-BBH3peF?li=AAb280R">the original</a> on 2018-01-18<span class="reference-accessdate">. 
Retrieved <span class="nowrap">2018-01-17</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=MSN+Money&rft.atitle=Bitcoin+exchanges+targeted+by+North+Korean+hackers%2C+analysts+say&rft.date=2017-12-21&rft_id=https%3A%2F%2Fwww.msn.com%2Fen-us%2Fmoney%2Fmarkets%2Fbitcoin-exchanges-targeted-by-north-korean-hackers-analysts-say%2Far-BBH3peF%3Fli%3DAAb280R&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-44"><span class="mw-cite-backlink"><b><a href="#cite_ref-44">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.nicehash.com/news/niceHash-security-breach-investigation-update">"NiceHash security breach investigation update – NiceHash"</a>. <i>NiceHash</i><span class="reference-accessdate">. Retrieved <span class="nowrap">2018-11-13</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=NiceHash&rft.atitle=NiceHash+security+breach+investigation+update+%E2%80%93+NiceHash&rft_id=https%3A%2F%2Fwww.nicehash.com%2Fnews%2FniceHash-security-breach-investigation-update&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-:5-45"><span class="mw-cite-backlink">^ <a href="#cite_ref-:5_45-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-:5_45-1"><sup><i><b>b</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFVolz2019" class="citation web cs1">Volz (September 16, 2019). <a rel="nofollow" class="external text" href="https://www.msn.com/en-us/news/world/us-targets-north-korean-hacking-as-national-security-threat/ar-AAHkAGU?ocid=ientp">"U.S. 
Targets North Korean Hacking as National-Security Threat"</a>. <i>MSN</i><span class="reference-accessdate">. Retrieved <span class="nowrap">September 16,</span> 2019</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=MSN&rft.atitle=U.S.+Targets+North+Korean+Hacking+as+National-Security+Threat&rft.date=2019-09-16&rft.au=Volz&rft_id=https%3A%2F%2Fwww.msn.com%2Fen-us%2Fnews%2Fworld%2Fus-targets-north-korean-hacking-as-national-security-threat%2Far-AAHkAGU%3Focid%3Dientp&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-46"><span class="mw-cite-backlink"><b><a href="#cite_ref-46">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFStubbs2020" class="citation web cs1">Stubbs, Jack (November 27, 2020). <a rel="nofollow" class="external text" href="https://www.reuters.com/article/us-healthcare-coronavirus-astrazeneca-no/exclusive-suspected-north-korean-hackers-targeted-covid-vaccine-maker-astrazeneca-sources-idUSKBN2871A2">"Exclusive: Suspected North Korean hackers targeted COVID vaccine maker AstraZeneca – sources"</a>. 
<i>Reuters</i>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Reuters&rft.atitle=Exclusive%3A+Suspected+North+Korean+hackers+targeted+COVID+vaccine+maker+AstraZeneca+%E2%80%93+sources&rft.date=2020-11-27&rft.aulast=Stubbs&rft.aufirst=Jack&rft_id=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-healthcare-coronavirus-astrazeneca-no%2Fexclusive-suspected-north-korean-hackers-targeted-covid-vaccine-maker-astrazeneca-sources-idUSKBN2871A2&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-:8-47"><span class="mw-cite-backlink">^ <a href="#cite_ref-:8_47-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-:8_47-1"><sup><i><b>b</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFNewman" class="citation magazine cs1">Newman, Lily Hay. <a rel="nofollow" class="external text" href="https://www.wired.com/story/north-korea-hackers-target-cybersecurity-researchers/">"North Korea Targets—and Dupes—a Slew of Cybersecurity Pros"</a>. <i>Wired</i>. <a href="/wiki/ISSN_(identifier)" class="mw-redirect" title="ISSN (identifier)">ISSN</a> <a rel="nofollow" class="external text" href="https://search.worldcat.org/issn/1059-1028">1059-1028</a><span class="reference-accessdate">. 
Retrieved <span class="nowrap">2023-03-17</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Wired&rft.atitle=North+Korea+Targets%E2%80%94and+Dupes%E2%80%94a+Slew+of+Cybersecurity+Pros&rft.issn=1059-1028&rft.aulast=Newman&rft.aufirst=Lily+Hay&rft_id=https%3A%2F%2Fwww.wired.com%2Fstory%2Fnorth-korea-hackers-target-cybersecurity-researchers%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-:9-48"><span class="mw-cite-backlink">^ <a href="#cite_ref-:9_48-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-:9_48-1"><sup><i><b>b</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/">"New campaign targeting security researchers"</a>. <i>Google</i>. 2021-01-25<span class="reference-accessdate">. Retrieved <span class="nowrap">2023-03-13</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Google&rft.atitle=New+campaign+targeting+security+researchers&rft.date=2021-01-25&rft_id=https%3A%2F%2Fblog.google%2Fthreat-analysis-group%2Fnew-campaign-targeting-security-researchers%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-:10-49"><span class="mw-cite-backlink">^ <a href="#cite_ref-:10_49-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-:10_49-1"><sup><i><b>b</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFIntelligence2021" class="citation web cs1">Microsoft Threat Intelligence Center (MSTIC); Microsoft Defender Threat Intelligence (2021-01-28). 
<a rel="nofollow" class="external text" href="https://www.microsoft.com/en-us/security/blog/2021/01/28/zinc-attacks-against-security-researchers/">"ZINC attacks against security researchers"</a>. <i>Microsoft Security Blog</i><span class="reference-accessdate">. Retrieved <span class="nowrap">2023-03-13</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Microsoft+Security+Blog&rft.atitle=ZINC+attacks+against+security+researchers&rft.date=2021-01-28&rft.aulast=Intelligence&rft.aufirst=Microsoft+Threat+Intelligence+Center+%28MSTIC%29%2C+Microsoft+Defender+Threat&rft_id=https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fsecurity%2Fblog%2F2021%2F01%2F28%2Fzinc-attacks-against-security-researchers%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span><span class="cs1-maint citation-comment"><code class="cs1-code">{{<a href="/wiki/Template:Cite_web" title="Template:Cite web">cite web</a>}}</code>: CS1 maint: multiple names: authors list (<a href="/wiki/Category:CS1_maint:_multiple_names:_authors_list" title="Category:CS1 maint: multiple names: authors list">link</a>)</span></span> </li> <li id="cite_note-:12-50"><span class="mw-cite-backlink">^ <a href="#cite_ref-:12_50-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-:12_50-1"><sup><i><b>b</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://fortune.com/crypto/2023/12/14/north-korea-lazarus-crypto-hack-immunefi-2023-cybercrime/">"North Korea–linked Lazarus Group responsible for nearly 20% of crypto losses—more than $300 million worth—in 2023"</a>. <i>Fortune Crypto</i><span class="reference-accessdate">. 
Retrieved <span class="nowrap">2023-12-15</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Fortune+Crypto&rft.atitle=North+Korea%E2%80%93linked+Lazarus+Group+responsible+for+nearly+20%25+of+crypto+losses%E2%80%94more+than+%24300+million+worth%E2%80%94in+2023&rft_id=https%3A%2F%2Ffortune.com%2Fcrypto%2F2023%2F12%2F14%2Fnorth-korea-lazarus-crypto-hack-immunefi-2023-cybercrime%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-51"><span class="mw-cite-backlink"><b><a href="#cite_ref-51">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation news cs1"><a rel="nofollow" class="external text" href="https://www.bbc.com/news/world-asia-61036733">"North Korean hackers target gamers in $615m crypto heist - US"</a>. <i>BBC News</i>. 2022-04-15<span class="reference-accessdate">. Retrieved <span class="nowrap">2022-04-15</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=BBC+News&rft.atitle=North+Korean+hackers+target+gamers+in+%24615m+crypto+heist+-+US&rft.date=2022-04-15&rft_id=https%3A%2F%2Fwww.bbc.com%2Fnews%2Fworld-asia-61036733&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-52"><span class="mw-cite-backlink"><b><a href="#cite_ref-52">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.fbi.gov/news/press-releases/fbi-confirms-lazarus-group-cyber-actors-responsible-for-harmonys-horizon-bridge-currency-theft">"FBI Confirms Lazarus Group Cyber Actors Responsible for Harmony's Horizon Bridge Currency Theft"</a>. 
<i>Federal Bureau of Investigation</i><span class="reference-accessdate">. Retrieved <span class="nowrap">2023-03-22</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Federal+Bureau+of+Investigation&rft.atitle=FBI+Confirms+Lazarus+Group+Cyber+Actors+Responsible+for+Harmony%27s+Horizon+Bridge+Currency+Theft&rft_id=https%3A%2F%2Fwww.fbi.gov%2Fnews%2Fpress-releases%2Ffbi-confirms-lazarus-group-cyber-actors-responsible-for-harmonys-horizon-bridge-currency-theft&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-53"><span class="mw-cite-backlink"><b><a href="#cite_ref-53">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFSatter2023" class="citation news cs1">Satter, Raphael (2023-06-13). <a rel="nofollow" class="external text" href="https://www.reuters.com/world/north-korean-hackers-stole-100-million-recent-cryptocurrency-heist-analysts-2023-06-13/">"North Korean hackers stole $100 million in recent cryptocurrency heist, analysts say"</a>. <i>Reuters</i><span class="reference-accessdate">. 
Retrieved <span class="nowrap">2023-12-05</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Reuters&rft.atitle=North+Korean+hackers+stole+%24100+million+in+recent+cryptocurrency+heist%2C+analysts+say&rft.date=2023-06-13&rft.aulast=Satter&rft.aufirst=Raphael&rft_id=https%3A%2F%2Fwww.reuters.com%2Fworld%2Fnorth-korean-hackers-stole-100-million-recent-cryptocurrency-heist-analysts-2023-06-13%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-54"><span class="mw-cite-backlink"><b><a href="#cite_ref-54">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.fbi.gov/news/press-releases/fbi-identifies-cryptocurrency-funds-stolen-by-dprk">"FBI Identifies Cryptocurrency Funds Stolen by DPRK"</a>. <i>FBI</i>. August 22, 2023.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=FBI&rft.atitle=FBI+Identifies+Cryptocurrency+Funds+Stolen+by+DPRK&rft.date=2023-08-22&rft_id=https%3A%2F%2Fwww.fbi.gov%2Fnews%2Fpress-releases%2Ffbi-identifies-cryptocurrency-funds-stolen-by-dprk&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-55"><span class="mw-cite-backlink"><b><a href="#cite_ref-55">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.fbi.gov/news/press-releases/fbi-identifies-lazarus-group-cyber-actors-as-responsible-for-theft-of-41-million-from-stakecom">"FBI Identifies Lazarus Group Cyber Actors as Responsible for Theft of $41 Million from Stake.com"</a>. <i>FBI</i>. 
September 6, 2023.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=FBI&rft.atitle=FBI+Identifies+Lazarus+Group+Cyber+Actors+as+Responsible+for+Theft+of+%2441+Million+from+Stake.com&rft.date=2023-09-06&rft_id=https%3A%2F%2Fwww.fbi.gov%2Fnews%2Fpress-releases%2Ffbi-identifies-lazarus-group-cyber-actors-as-responsible-for-theft-of-41-million-from-stakecom&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-56"><span class="mw-cite-backlink"><b><a href="#cite_ref-56">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://home.treasury.gov/policy-issues/financial-sanctions/recent-actions/20220414">"North Korea Designation Update"</a>. <i>U.S. Department of the Treasury</i><span class="reference-accessdate">. Retrieved <span class="nowrap">2022-04-15</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=U.S.+Department+of+the+Treasury&rft.atitle=North+Korea+Designation+Update&rft_id=https%3A%2F%2Fhome.treasury.gov%2Fpolicy-issues%2Ffinancial-sanctions%2Frecent-actions%2F20220414&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-57"><span class="mw-cite-backlink"><b><a href="#cite_ref-57">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFD'Cruze2024" class="citation web cs1">D'Cruze, Danny (2024-07-29). 
<a rel="nofollow" class="external text" href="https://www.businesstoday.in/technology/news/story/wazirx-hacked-north-korean-hackers-behind-235-million-theft-from-indian-investors-report-reveals-439240-2024-07-29">"WazirX hacked: North Korean hackers behind $235 million theft from Indian investors, report reveals"</a>. <i>Business Today</i><span class="reference-accessdate">. Retrieved <span class="nowrap">2024-07-31</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Business+Today&rft.atitle=WazirX+hacked%3A+North+Korean+hackers+behind+%24235+million+theft+from+Indian+investors%2C+report+reveals&rft.date=2024-07-29&rft.aulast=D%27Cruze&rft.aufirst=Danny&rft_id=https%3A%2F%2Fwww.businesstoday.in%2Ftechnology%2Fnews%2Fstory%2Fwazirx-hacked-north-korean-hackers-behind-235-million-theft-from-indian-investors-report-reveals-439240-2024-07-29&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-58"><span class="mw-cite-backlink"><b><a href="#cite_ref-58">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation news cs1"><a rel="nofollow" class="external text" href="https://www.scmp.com/news/world/article/2131470/north-korea-barely-wired-so-how-did-it-become-global-hacking-power">"How barely connected North Korea became a hacking superpower"</a>. <i>South China Morning Post</i>. 1 February 2018<span class="reference-accessdate">. 
Retrieved <span class="nowrap">10 October</span> 2021</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=South+China+Morning+Post&rft.atitle=How+barely+connected+North+Korea+became+a+hacking+superpower&rft.date=2018-02-01&rft_id=https%3A%2F%2Fwww.scmp.com%2Fnews%2Fworld%2Farticle%2F2131470%2Fnorth-korea-barely-wired-so-how-did-it-become-global-hacking-power&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-59"><span class="mw-cite-backlink"><b><a href="#cite_ref-59">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFEST2018" class="citation web cs1">Murdock, Jason (2018-03-09). <a rel="nofollow" class="external text" href="https://www.newsweek.com/what-hidden-cobra-north-korean-hackers-linked-new-cyberattacks-banks-837819">"As Trump cozies up to Kim Jong-un, North Korean hackers target major banks"</a>. <i>Newsweek</i><span class="reference-accessdate">. 
Retrieved <span class="nowrap">2019-08-16</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Newsweek&rft.atitle=As+Trump+cozies+up+to+Kim+Jong-un%2C+North+Korean+hackers+target+major+banks&rft.date=2018-03-09&rft.aulast=EST&rft.aufirst=Jason+Murdock+On+3%2F9%2F18+at+9%3A54+AM&rft_id=https%3A%2F%2Fwww.newsweek.com%2Fwhat-hidden-cobra-north-korean-hackers-linked-new-cyberattacks-banks-837819&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span><span class="cs1-maint citation-comment"><code class="cs1-code">{{<a href="/wiki/Template:Cite_web" title="Template:Cite web">cite web</a>}}</code>: CS1 maint: numeric names: authors list (<a href="/wiki/Category:CS1_maint:_numeric_names:_authors_list" title="Category:CS1 maint: numeric names: authors list">link</a>)</span></span> </li> <li id="cite_note-Treasury2019(2)-60"><span class="mw-cite-backlink">^ <a href="#cite_ref-Treasury2019(2)_60-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-Treasury2019(2)_60-1"><sup><i><b>b</b></i></sup></a> <a href="#cite_ref-Treasury2019(2)_60-2"><sup><i><b>c</b></i></sup></a> <a href="#cite_ref-Treasury2019(2)_60-3"><sup><i><b>d</b></i></sup></a> <a href="#cite_ref-Treasury2019(2)_60-4"><sup><i><b>e</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://home.treasury.gov/news/press-releases/sm774">"Treasury Sanctions North Korean State-Sponsored Malicious Cyber Groups"</a>. <i>U.S. Department of the Treasury</i>. 
2019.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=U.S.+Department+of+the+Treasury&rft.atitle=Treasury+Sanctions+North+Korean+State-Sponsored+Malicious+Cyber+Groups&rft.date=2019&rft_id=https%3A%2F%2Fhome.treasury.gov%2Fnews%2Fpress-releases%2Fsm774&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-HHS2021-61"><span class="mw-cite-backlink">^ <a href="#cite_ref-HHS2021_61-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-HHS2021_61-1"><sup><i><b>b</b></i></sup></a> <a href="#cite_ref-HHS2021_61-2"><sup><i><b>c</b></i></sup></a> <a href="#cite_ref-HHS2021_61-3"><sup><i><b>d</b></i></sup></a> <a href="#cite_ref-HHS2021_61-4"><sup><i><b>e</b></i></sup></a> <a href="#cite_ref-HHS2021_61-5"><sup><i><b>f</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFHealthcare_Sector_Cybersecurity_Coordination_Center2021" class="citation web cs1">Healthcare Sector Cybersecurity Coordination Center (HC3) (2021). <a rel="nofollow" class="external text" href="https://www.hhs.gov/sites/default/files/dprk-cyber-espionage.pdf">"North Korean Cyber Activity"</a> <span class="cs1-format">(PDF)</span>. <i>U.S. 
Department of Health & Human Services</i>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=U.S.+Department+of+Health+%26+Human+Services&rft.atitle=North+Korean+Cyber+Activity&rft.date=2021&rft.aulast=Healthcare+Sector+Cybersecurity+Coordination+Center&rft.aufirst=%28HC3%29&rft_id=https%3A%2F%2Fwww.hhs.gov%2Fsites%2Fdefault%2Ffiles%2Fdprk-cyber-espionage.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span><span class="cs1-maint citation-comment"><code class="cs1-code">{{<a href="/wiki/Template:Cite_web" title="Template:Cite web">cite web</a>}}</code>: CS1 maint: numeric names: authors list (<a href="/wiki/Category:CS1_maint:_numeric_names:_authors_list" title="Category:CS1 maint: numeric names: authors list">link</a>)</span></span> </li> <li id="cite_note-62"><span class="mw-cite-backlink"><b><a href="#cite_ref-62">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFMeyers2018" class="citation web cs1">Meyers, Adam (2018-04-06). <a rel="nofollow" class="external text" href="https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-april-stardust-chollima/">"STARDUST CHOLLIMA | Threat Actor Profile | CrowdStrike"</a><span class="reference-accessdate">. 
Retrieved <span class="nowrap">2019-08-16</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=STARDUST+CHOLLIMA+%7C+Threat+Actor+Profile+%7C+CrowdStrike&rft.date=2018-04-06&rft.aulast=Meyers&rft.aufirst=Adam&rft_id=https%3A%2F%2Fwww.crowdstrike.com%2Fblog%2Fmeet-crowdstrikes-adversary-of-the-month-for-april-stardust-chollima%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-63"><span class="mw-cite-backlink"><b><a href="#cite_ref-63">^</a></b></span> <span class="reference-text"><a rel="nofollow" class="external text" href="https://threatpost.com/lazarus-apt-spinoff-linked-to-banking-hacks/124746/">Lazarus APT Spinoff Linked to Banking Hacks | Threatpost</a></span> </li> <li id="cite_note-Army2020-64"><span class="mw-cite-backlink">^ <a href="#cite_ref-Army2020_64-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-Army2020_64-1"><sup><i><b>b</b></i></sup></a> <a href="#cite_ref-Army2020_64-2"><sup><i><b>c</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://irp.fas.org/doddir/army/atp7-100-2.pdf">"North Korean Tactics"</a> <span class="cs1-format">(PDF)</span>. <i>Federation of American Scientists</i>. U.S. Army. 2020. pp. 
E-1, E-2.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Federation+of+American+Scientists&rft.atitle=North+Korean+Tactics&rft.pages=E-1%2C+E-2&rft.date=2020&rft_id=https%3A%2F%2Firp.fas.org%2Fdoddir%2Farmy%2Fatp7-100-2.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-66"><span class="mw-cite-backlink"><b><a href="#cite_ref-66">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.cisa.gov/uscert/ncas/alerts/aa20-239a">"FASTCash 2.0: North Korea's BeagleBoyz Robbing Banks | CISA"</a>. 24 October 2020.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=FASTCash+2.0%3A+North+Korea%27s+BeagleBoyz+Robbing+Banks+%26%23124%3B+CISA&rft.date=2020-10-24&rft_id=https%3A%2F%2Fwww.cisa.gov%2Fuscert%2Fncas%2Falerts%2Faa20-239a&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-67"><span class="mw-cite-backlink"><b><a href="#cite_ref-67">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFAlperovitch2014" class="citation web cs1">Alperovitch, Dmitri (2014-12-19). <a rel="nofollow" class="external text" href="https://www.crowdstrike.com/blog/unprecedented-announcement-fbi-implicates-north-korea-destructive-attacks/">"FBI Implicates North Korea in Destructive Attacks"</a><span class="reference-accessdate">. 
Retrieved <span class="nowrap">2019-08-16</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=FBI+Implicates+North+Korea+in+Destructive+Attacks&rft.date=2014-12-19&rft.aulast=Alperovitch&rft.aufirst=Dmitri&rft_id=https%3A%2F%2Fwww.crowdstrike.com%2Fblog%2Funprecedented-announcement-fbi-implicates-north-korea-destructive-attacks%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-68"><span class="mw-cite-backlink"><b><a href="#cite_ref-68">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFSang-Hun2017" class="citation news cs1">Sang-Hun, Choe (2017-10-10). <a rel="nofollow" class="external text" href="https://www.nytimes.com/2017/10/10/world/asia/north-korea-hack-war-plans.html">"North Korean Hackers Stole U.S.-South Korean Military Plans, Lawmaker Says"</a>. <i>The New York Times</i>. <a href="/wiki/ISSN_(identifier)" class="mw-redirect" title="ISSN (identifier)">ISSN</a> <a rel="nofollow" class="external text" href="https://search.worldcat.org/issn/0362-4331">0362-4331</a><span class="reference-accessdate">. 
Retrieved <span class="nowrap">2019-08-16</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=The+New+York+Times&rft.atitle=North+Korean+Hackers+Stole+U.S.-South+Korean+Military+Plans%2C+Lawmaker+Says&rft.date=2017-10-10&rft.issn=0362-4331&rft.aulast=Sang-Hun&rft.aufirst=Choe&rft_id=https%3A%2F%2Fwww.nytimes.com%2F2017%2F10%2F10%2Fworld%2Fasia%2Fnorth-korea-hack-war-plans.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-69"><span class="mw-cite-backlink"><b><a href="#cite_ref-69">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFHuss" class="citation web cs1">Huss, Darien. <a rel="nofollow" class="external text" href="https://www.proofpoint.com/sites/default/files/pfpt-us-wp-north-korea-bitten-by-bitcoin-bug-180129.pdf">"North Korea Bitten by Bitcoin Bug"</a> <span class="cs1-format">(PDF)</span>. <i>proofpoint.com</i><span class="reference-accessdate">. Retrieved <span class="nowrap">2019-08-16</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=proofpoint.com&rft.atitle=North+Korea+Bitten+by+Bitcoin+Bug&rft.aulast=Huss&rft.aufirst=Darien&rft_id=https%3A%2F%2Fwww.proofpoint.com%2Fsites%2Fdefault%2Ffiles%2Fpfpt-us-wp-north-korea-bitten-by-bitcoin-bug-180129.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-70"><span class="mw-cite-backlink"><b><a href="#cite_ref-70">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFCimpanu2021" class="citation web cs1">Cimpanu, Catalin (February 17, 2021). 
<a rel="nofollow" class="external text" href="https://www.zdnet.com/article/us-charges-two-more-members-of-the-lazarus-north-korean-hacking-group/">"US charges two more members of the 'Lazarus' North Korean hacking group"</a>. <i>ZDNet</i><span class="reference-accessdate">. Retrieved <span class="nowrap">2021-02-20</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=ZDNet&rft.atitle=US+charges+two+more+members+of+the+%27Lazarus%27+North+Korean+hacking+group&rft.date=2021-02-17&rft.aulast=Cimpanu&rft.aufirst=Catalin&rft_id=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fus-charges-two-more-members-of-the-lazarus-north-korean-hacking-group%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> <li id="cite_note-71"><span class="mw-cite-backlink"><b><a href="#cite_ref-71">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20230408080419/https://www.justice.gov/opa/pr/three-north-korean-military-hackers-indicted-wide-ranging-scheme-commit-cyberattacks-and">"Three North Korean Military Hackers Indicted in Wide-Ranging Scheme to Commit Cyberattacks and Financial Crimes Across the Globe"</a>. <i>US Dept of Justice</i>. 17 February 2021. 
Archived from <a rel="nofollow" class="external text" href="https://www.justice.gov/opa/pr/three-north-korean-military-hackers-indicted-wide-ranging-scheme-commit-cyberattacks-and">the original</a> on 8 April 2023.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=US+Dept+of+Justice&rft.atitle=Three+North+Korean+Military+Hackers+Indicted+in+Wide-Ranging+Scheme+to+Commit+Cyberattacks+and+Financial+Crimes+Across+the+Globe&rft.date=2021-02-17&rft_id=https%3A%2F%2Fwww.justice.gov%2Fopa%2Fpr%2Fthree-north-korean-military-hackers-indicted-wide-ranging-scheme-commit-cyberattacks-and&rfr_id=info%3Asid%2Fen.wikipedia.org%3ALazarus+Group" class="Z3988"></span></span> </li> </ol></div> <div class="mw-heading mw-heading3"><h3 id="Sources">Sources</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Lazarus_Group&action=edit&section=29" title="Edit section: Sources"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <ul><li>Virus News (2016). "Kaspersky Lab Helps to Disrupt the Activity of the Lazarus Group Responsible for Multiple Devastating Cyber-Attacks", <i>Kaspersky Lab</i>.</li> <li>RBS (2014). "A Breakdown and Analysis of the December 2014 Sony Hack". <i>RiskBased Security.</i></li> <li>Cameron, Dell (2016). "Security Researchers Say Mysterious 'Lazarus Group' Hacked Sony in 2014", <i>The Daily Dot.</i></li> <li>Zetter, Kim (2014). "Sony Got Hacked Hard: What We Know and Don't Know So Far", <i>Wired.</i></li> <li>Zetter, Kim (2016). 
"Sony Hackers Were Causing Mayhem Years Before They Hit The Company", <i>Wired.</i></li></ul> <div class="mw-heading mw-heading2"><h2 id="External_links">External links</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Lazarus_Group&action=edit&section=30" title="Edit section: External links"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <ul><li><a rel="nofollow" class="external text" href="https://www.justice.gov/opa/press-release/file/1092091/download">Indictment of Park Jin Hyok, September 2018</a></li> <li><a rel="nofollow" class="external text" href="https://www.justice.gov/usao-cdca/press-release/file/1367721/download">Indictment of Park Jin Hyok, Jon Chang Hyok and Kim Il, January 2020</a></li> <li><i><a rel="nofollow" class="external text" href="https://www.bbc.co.uk/programmes/w13xtvg9/episodes/downloads">The Lazarus Heist</a></i> 10 part podcast from <a href="/wiki/BBC_World_Service" title="BBC World Service">BBC World Service</a>.</li></ul> <div class="navbox-styles"><style data-mw-deduplicate="TemplateStyles:r1129693374">.mw-parser-output .hlist dl,.mw-parser-output .hlist ol,.mw-parser-output .hlist ul{margin:0;padding:0}.mw-parser-output .hlist dd,.mw-parser-output .hlist dt,.mw-parser-output .hlist li{margin:0;display:inline}.mw-parser-output .hlist.inline,.mw-parser-output .hlist.inline dl,.mw-parser-output .hlist.inline ol,.mw-parser-output .hlist.inline ul,.mw-parser-output .hlist dl dl,.mw-parser-output .hlist dl ol,.mw-parser-output .hlist dl ul,.mw-parser-output .hlist ol dl,.mw-parser-output .hlist ol ol,.mw-parser-output .hlist ol ul,.mw-parser-output .hlist ul dl,.mw-parser-output .hlist ul ol,.mw-parser-output .hlist ul ul{display:inline}.mw-parser-output .hlist .mw-empty-li{display:none}.mw-parser-output .hlist dt::after{content:": "}.mw-parser-output .hlist dd::after,.mw-parser-output .hlist li::after{content:" · ";font-weight:bold}.mw-parser-output 
.hlist dd:last-child::after,.mw-parser-output .hlist dt:last-child::after,.mw-parser-output .hlist li:last-child::after{content:none}.mw-parser-output .hlist dd dd:first-child::before,.mw-parser-output .hlist dd dt:first-child::before,.mw-parser-output .hlist dd li:first-child::before,.mw-parser-output .hlist dt dd:first-child::before,.mw-parser-output .hlist dt dt:first-child::before,.mw-parser-output .hlist dt li:first-child::before,.mw-parser-output .hlist li dd:first-child::before,.mw-parser-output .hlist li dt:first-child::before,.mw-parser-output .hlist li li:first-child::before{content:" (";font-weight:normal}.mw-parser-output .hlist dd dd:last-child::after,.mw-parser-output .hlist dd dt:last-child::after,.mw-parser-output .hlist dd li:last-child::after,.mw-parser-output .hlist dt dd:last-child::after,.mw-parser-output .hlist dt dt:last-child::after,.mw-parser-output .hlist dt li:last-child::after,.mw-parser-output .hlist li dd:last-child::after,.mw-parser-output .hlist li dt:last-child::after,.mw-parser-output .hlist li li:last-child::after{content:")";font-weight:normal}.mw-parser-output .hlist ol{counter-reset:listitem}.mw-parser-output .hlist ol>li{counter-increment:listitem}.mw-parser-output .hlist ol>li::before{content:" "counter(listitem)"\a0 "}.mw-parser-output .hlist dd ol>li:first-child::before,.mw-parser-output .hlist dt ol>li:first-child::before,.mw-parser-output .hlist li ol>li:first-child::before{content:" ("counter(listitem)"\a0 "}</style><style data-mw-deduplicate="TemplateStyles:r1236075235">.mw-parser-output .navbox{box-sizing:border-box;border:1px solid #a2a9b1;width:100%;clear:both;font-size:88%;text-align:center;padding:1px;margin:1em auto 0}.mw-parser-output .navbox .navbox{margin-top:0}.mw-parser-output .navbox+.navbox,.mw-parser-output .navbox+.navbox-styles+.navbox{margin-top:-1px}.mw-parser-output .navbox-inner,.mw-parser-output .navbox-subgroup{width:100%}.mw-parser-output .navbox-group,.mw-parser-output 
.navbox-title,.mw-parser-output .navbox-abovebelow{padding:0.25em 1em;line-height:1.5em;text-align:center}.mw-parser-output .navbox-group{white-space:nowrap;text-align:right}.mw-parser-output .navbox,.mw-parser-output .navbox-subgroup{background-color:#fdfdfd}.mw-parser-output .navbox-list{line-height:1.5em;border-color:#fdfdfd}.mw-parser-output .navbox-list-with-group{text-align:left;border-left-width:2px;border-left-style:solid}.mw-parser-output tr+tr>.navbox-abovebelow,.mw-parser-output tr+tr>.navbox-group,.mw-parser-output tr+tr>.navbox-image,.mw-parser-output tr+tr>.navbox-list{border-top:2px solid #fdfdfd}.mw-parser-output .navbox-title{background-color:#ccf}.mw-parser-output .navbox-abovebelow,.mw-parser-output .navbox-group,.mw-parser-output .navbox-subgroup .navbox-title{background-color:#ddf}.mw-parser-output .navbox-subgroup .navbox-group,.mw-parser-output .navbox-subgroup .navbox-abovebelow{background-color:#e6e6ff}.mw-parser-output .navbox-even{background-color:#f7f7f7}.mw-parser-output .navbox-odd{background-color:transparent}.mw-parser-output .navbox .hlist td dl,.mw-parser-output .navbox .hlist td ol,.mw-parser-output .navbox .hlist td ul,.mw-parser-output .navbox td.hlist dl,.mw-parser-output .navbox td.hlist ol,.mw-parser-output .navbox td.hlist ul{padding:0.125em 0}.mw-parser-output .navbox .navbar{display:block;font-size:100%}.mw-parser-output .navbox-title .navbar{float:left;text-align:left;margin-right:0.5em}body.skin--responsive .mw-parser-output .navbox-image img{max-width:none!important}@media print{body.ns-0 .mw-parser-output .navbox{display:none!important}}</style></div><div role="navigation" class="navbox" aria-labelledby="Hacking_in_the_2010s" style="padding:3px"><table class="nowraplinks hlist mw-collapsible autocollapse navbox-inner" style="border-spacing:0;background:transparent;color:inherit"><tbody><tr><th scope="col" class="navbox-title" colspan="2"><link rel="mw-deduplicated-inline-style" 
href="mw-data:TemplateStyles:r1129693374"><style data-mw-deduplicate="TemplateStyles:r1239400231">.mw-parser-output .navbar{display:inline;font-size:88%;font-weight:normal}.mw-parser-output .navbar-collapse{float:left;text-align:left}.mw-parser-output .navbar-boxtext{word-spacing:0}.mw-parser-output .navbar ul{display:inline-block;white-space:nowrap;line-height:inherit}.mw-parser-output .navbar-brackets::before{margin-right:-0.125em;content:"[ "}.mw-parser-output .navbar-brackets::after{margin-left:-0.125em;content:" ]"}.mw-parser-output .navbar li{word-spacing:-0.125em}.mw-parser-output .navbar a>span,.mw-parser-output .navbar a>abbr{text-decoration:inherit}.mw-parser-output .navbar-mini abbr{font-variant:small-caps;border-bottom:none;text-decoration:none;cursor:inherit}.mw-parser-output .navbar-ct-full{font-size:114%;margin:0 7em}.mw-parser-output .navbar-ct-mini{font-size:114%;margin:0 4em}html.skin-theme-clientpref-night .mw-parser-output .navbar li a abbr{color:var(--color-base)!important}@media(prefers-color-scheme:dark){html.skin-theme-clientpref-os .mw-parser-output .navbar li a abbr{color:var(--color-base)!important}}@media print{.mw-parser-output .navbar{display:none!important}}</style><div class="navbar plainlinks hlist navbar-mini"><ul><li class="nv-view"><a href="/wiki/Template:Hacking_in_the_2010s" title="Template:Hacking in the 2010s"><abbr title="View this template">v</abbr></a></li><li class="nv-talk"><a href="/wiki/Template_talk:Hacking_in_the_2010s" title="Template talk:Hacking in the 2010s"><abbr title="Discuss this template">t</abbr></a></li><li class="nv-edit"><a href="/wiki/Special:EditPage/Template:Hacking_in_the_2010s" title="Special:EditPage/Template:Hacking in the 2010s"><abbr title="Edit this template">e</abbr></a></li></ul></div><div id="Hacking_in_the_2010s" style="font-size:114%;margin:0 4em">Hacking in the 2010s</div></th></tr><tr><td class="navbox-abovebelow" colspan="2"><div><table style="width:100%; margin:1px; 
display:inline-table;"><tbody><tr> <td style="text-align:left; vertical-align:middle; padding:0 0.5em 0 0;" class="noprint">← <a href="/wiki/Template:Hacking_in_the_2000s" title="Template:Hacking in the 2000s">2000s</a></td> <td style="text-align:center; vertical-align:middle;; padding:0 1px;" class=""><a href="/wiki/Timeline_of_computer_security_hacker_history#2010s" class="mw-redirect" title="Timeline of computer security hacker history">Timeline</a></td> <td style="text-align:right; vertical-align:middle;; padding:0 0 0 0.5em;" class="noprint"><a href="/wiki/Template:Hacking_in_the_2020s" title="Template:Hacking in the 2020s">2020s</a> →</td> </tr></tbody></table></div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">Major incidents</th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"></div><table class="nowraplinks navbox-subgroup" style="border-spacing:0"><tbody><tr><th scope="row" class="navbox-group" style="width:1%">2010</th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Operation_Aurora" title="Operation Aurora">Operation Aurora</a> (publication of 2009 events)</li> <li><a href="/wiki/February_2010_Australian_cyberattacks" title="February 2010 Australian cyberattacks">Australian cyberattacks</a></li> <li><a href="/wiki/Operation_Olympic_Games" title="Operation Olympic Games">Operation Olympic Games</a></li> <li><a href="/wiki/Shadow_Network" title="Shadow Network">Operation ShadowNet</a></li> <li><a href="/wiki/Operation_Payback" title="Operation Payback">Operation Payback</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">2011</th><td class="navbox-list-with-group navbox-list navbox-even" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/2011_Canadian_government_hackings" title="2011 Canadian government 
hackings">Canadian government</a></li> <li><a href="/wiki/DigiNotar" title="DigiNotar">DigiNotar</a></li> <li><a href="/wiki/DNSChanger" title="DNSChanger">DNSChanger</a></li> <li><a href="/wiki/HBGary" title="HBGary">HBGary Federal</a></li> <li><a href="/wiki/Operation_AntiSec" title="Operation AntiSec">Operation AntiSec</a></li> <li><a href="/wiki/2011_PlayStation_Network_outage" title="2011 PlayStation Network outage">PlayStation network outage</a></li> <li><a href="/wiki/RSA_SecurID#March_2011_system_compromise" title="RSA SecurID">RSA SecurID compromise</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">2012</th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/2012_LinkedIn_hack" title="2012 LinkedIn hack">LinkedIn hack</a></li> <li><a href="/wiki/Stratfor_email_leak" title="Stratfor email leak">Stratfor email leak</a></li> <li><a href="/wiki/Operation_High_Roller" title="Operation High Roller">Operation High Roller</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">2013</th><td class="navbox-list-with-group navbox-list navbox-even" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/2013_South_Korea_cyberattack" title="2013 South Korea cyberattack">South Korea cyberattack</a></li> <li><a href="/wiki/Snapchat#December_2013_hack" title="Snapchat">Snapchat hack</a></li> <li><a href="/wiki/June_25_cyber_terror" class="mw-redirect" title="June 25 cyber terror">Cyberterrorism attack of June 25</a></li> <li><a href="/wiki/Yahoo!_data_breaches#August_2013:_breach" class="mw-redirect" title="Yahoo! data breaches">2013 Yahoo! 
data breach</a></li> <li><a href="/wiki/2013_Singapore_cyberattacks" title="2013 Singapore cyberattacks">Singapore cyberattacks</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">2014</th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Anthem_medical_data_breach" title="Anthem medical data breach">Anthem medical data breach</a></li> <li><a href="/wiki/Operation_Tovar" title="Operation Tovar">Operation Tovar</a></li> <li><a href="/wiki/2014_celebrity_nude_photo_leak" title="2014 celebrity nude photo leak">2014 celebrity nude photo leak</a></li> <li><a href="/wiki/2014_JPMorgan_Chase_data_breach" title="2014 JPMorgan Chase data breach">2014 JPMorgan Chase data breach</a></li> <li><a href="/wiki/2014_Sony_Pictures_hack" title="2014 Sony Pictures hack">2014 Sony Pictures hack</a></li> <li><a href="/wiki/2014_Russian_hacker_password_theft" title="2014 Russian hacker password theft">Russian hacker password theft</a></li> <li><a href="/wiki/Yahoo!_data_breaches#Late_2014:_breach" class="mw-redirect" title="Yahoo! data breaches">2014 Yahoo! 
data breach</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">2015</th><td class="navbox-list-with-group navbox-list navbox-even" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Office_of_Personnel_Management_data_breach" title="Office of Personnel Management data breach">Office of Personnel Management data breach</a></li> <li><a href="/wiki/HackingTeam#2015_data_breach" title="HackingTeam">HackingTeam</a></li> <li><a href="/wiki/Ashley_Madison_data_breach" title="Ashley Madison data breach">Ashley Madison data breach</a></li> <li><a href="/wiki/VTech#2015_data_breach" title="VTech">VTech data breach</a></li> <li><a href="/wiki/2015_Ukraine_power_grid_hack" title="2015 Ukraine power grid hack">Ukrainian Power Grid Cyberattack</a></li> <li><a href="/wiki/2015%E2%80%932016_SWIFT_banking_hack" title="2015–2016 SWIFT banking hack">SWIFT banking hack</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">2016</th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Bangladesh_Bank_robbery" title="Bangladesh Bank robbery">Bangladesh Bank robbery</a></li> <li><a href="/wiki/Hollywood_Presbyterian_Medical_Center#Ransomware" title="Hollywood Presbyterian Medical Center">Hollywood Presbyterian Medical Center ransomware incident</a></li> <li><a href="/wiki/Commission_on_Elections_data_breach" title="Commission on Elections data breach">Commission on Elections data breach</a></li> <li><a href="/wiki/Democratic_National_Committee_cyber_attacks" title="Democratic National Committee cyber attacks">Democratic National Committee cyber attacks</a></li> <li><a href="/wiki/Vietnamese_airports_hackings" title="Vietnamese airports hackings">Vietnam Airport Hacks</a></li> <li><a href="/wiki/Democratic_Congressional_Campaign_Committee_cyber_attacks" title="Democratic Congressional Campaign 
Committee cyber attacks">DCCC cyber attacks</a></li> <li><a href="/wiki/2016_Indian_Banks_data_breach" class="mw-redirect" title="2016 Indian Banks data breach">Indian Bank data breaches</a></li> <li><a href="/wiki/Surkov_leaks" title="Surkov leaks">Surkov leaks</a></li> <li><a href="/wiki/DDoS_attacks_on_Dyn" title="DDoS attacks on Dyn">Dyn cyberattack</a></li> <li><a href="/wiki/Russian_interference_in_the_2016_United_States_elections" title="Russian interference in the 2016 United States elections">Russian interference in the 2016 U.S. elections</a></li> <li><a href="/wiki/2016_Bitfinex_hack" title="2016 Bitfinex hack">2016 Bitfinex hack</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">2017</th><td class="navbox-list-with-group navbox-list navbox-even" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/SHA1#SHAttered_–_first_public_collision" class="mw-redirect" title="SHA1">SHAttered</a></li> <li><a href="/wiki/2017_Macron_e-mail_leaks" title="2017 Macron e-mail leaks">2017 Macron e-mail leaks</a></li> <li><a href="/wiki/WannaCry_ransomware_attack" title="WannaCry ransomware attack">WannaCry ransomware attack</a></li> <li><a href="/wiki/2017_Westminster_data_breach" title="2017 Westminster data breach">Westminster data breach</a></li> <li><a href="/wiki/Petya_(malware_family)" title="Petya (malware family)">Petya and NotPetya</a> <ul><li><a href="/wiki/2017_Ukraine_ransomware_attacks" title="2017 Ukraine ransomware attacks">2017 Ukraine ransomware attacks</a></li></ul></li> <li><a href="/wiki/2017_Equifax_data_breach" title="2017 Equifax data breach">Equifax data breach</a></li> <li><a href="/wiki/Deloitte#E-mail_hack" title="Deloitte">Deloitte breach</a></li> <li><a href="/wiki/Disqus#October_2017_security_breach" title="Disqus">Disqus breach</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">2018</th><td class="navbox-list-with-group navbox-list 
navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Trustico#DigiCert_and_Trustico_spat,_2018" title="Trustico">Trustico</a></li> <li><a href="/wiki/Atlanta_government_ransomware_attack" title="Atlanta government ransomware attack">Atlanta cyberattack</a></li> <li><a href="/wiki/2018_SingHealth_data_breach" title="2018 SingHealth data breach">SingHealth data breach</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">2019</th><td class="navbox-list-with-group navbox-list navbox-even" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/2019_cyberattacks_on_Sri_Lanka" title="2019 cyberattacks on Sri Lanka">Sri Lanka cyberattack</a></li> <li><a href="/wiki/2019_Baltimore_ransomware_attack" title="2019 Baltimore ransomware attack">Baltimore ransomware attack</a></li> <li><a href="/wiki/2019_Bulgarian_revenue_agency_hack" class="mw-redirect" title="2019 Bulgarian revenue agency hack">Bulgarian revenue agency hack</a></li> <li><a href="/wiki/WhatsApp_snooping_scandal" title="WhatsApp snooping scandal">WhatsApp snooping scandal</a></li> <li><a href="/wiki/Jeff_Bezos_phone_hacking_incident" title="Jeff Bezos phone hacking incident">Jeff Bezos phone hacking incident</a></li></ul> </div></td></tr></tbody></table><div></div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%"><a href="/wiki/Hacktivism" title="Hacktivism">Hacktivism</a></th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Anonymous_(hacker_group)" title="Anonymous (hacker group)">Anonymous</a> <ul><li><a href="/wiki/Timeline_of_events_associated_with_Anonymous" title="Timeline of events associated with Anonymous">associated events</a></li></ul></li> <li><a href="/wiki/CyberBerkut" title="CyberBerkut">CyberBerkut</a></li> <li><a href="/wiki/Gay_Nigger_Association_of_America" title="Gay Nigger 
Association of America">GNAA</a></li> <li><a href="/wiki/Goatse_Security" title="Goatse Security">Goatse Security</a></li> <li><a href="/wiki/Lizard_Squad" title="Lizard Squad">Lizard Squad</a></li> <li><a href="/wiki/LulzRaft" title="LulzRaft">LulzRaft</a></li> <li><a href="/wiki/LulzSec" title="LulzSec">LulzSec</a></li> <li><a href="/wiki/2016_Dyn_cyberattack#Perpetrators" class="mw-redirect" title="2016 Dyn cyberattack">New World Hackers</a></li> <li><a href="/wiki/NullCrew" title="NullCrew">NullCrew</a></li> <li><a href="/wiki/OurMine" title="OurMine">OurMine</a></li> <li><a href="/wiki/PayPal_14" title="PayPal 14">PayPal 14</a></li> <li><a href="/wiki/RedHack" title="RedHack">RedHack</a></li> <li><a href="/wiki/Teamp0ison" title="Teamp0ison">Teamp0ison</a></li> <li><a href="/wiki/The_Dark_Overlord_(hacker_group)" title="The Dark Overlord (hacker group)"> TDO </a></li> <li><a href="/wiki/UGNazi" title="UGNazi">UGNazi</a></li> <li><a href="/wiki/Ukrainian_Cyber_Alliance" title="Ukrainian Cyber Alliance">Ukrainian Cyber Alliance</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%"><a href="/wiki/Advanced_persistent_threat" title="Advanced persistent threat">Advanced<br />persistent threats</a></th><td class="navbox-list-with-group navbox-list navbox-even" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Bangladesh_Black_Hat_Hackers" title="Bangladesh Black Hat Hackers">Bangladesh Black Hat Hackers</a></li> <li><a href="/wiki/Bureau_121" title="Bureau 121">Bureau 121</a></li> <li><a href="/wiki/Charming_Kitten" title="Charming Kitten">Charming Kitten</a></li> <li><a href="/wiki/Cozy_Bear" title="Cozy Bear">Cozy Bear</a></li> <li><a href="/wiki/Dark_Basin" title="Dark Basin">Dark Basin</a></li> <li><a href="/wiki/DarkMatter_Group" title="DarkMatter Group">DarkMatter</a></li> <li><a href="/wiki/Elfin_Team" title="Elfin Team">Elfin Team</a></li> <li><a href="/wiki/Equation_Group" title="Equation 
Group">Equation Group</a></li> <li><a href="/wiki/Fancy_Bear" title="Fancy Bear">Fancy Bear</a></li> <li><a href="/wiki/Stuxnet#History" title="Stuxnet">GOSSIPGIRL</a> (confederation)</li> <li><a href="/wiki/Guccifer_2.0" title="Guccifer 2.0">Guccifer 2.0</a></li> <li><a href="/wiki/Hacking_Team" class="mw-redirect" title="Hacking Team">Hacking Team</a></li> <li><a href="/wiki/Helix_Kitten" title="Helix Kitten">Helix Kitten</a></li> <li><a href="/wiki/Iranian_Cyber_Army" title="Iranian Cyber Army">Iranian Cyber Army</a></li> <li><a class="mw-selflink selflink">Lazarus Group</a> (<a class="mw-selflink-fragment" href="#BlueNorOff">BlueNorOff</a>) (<a class="mw-selflink-fragment" href="#AndAriel">AndAriel</a>)</li> <li><a href="/wiki/NSO_Group" title="NSO Group">NSO Group</a></li> <li><a href="/wiki/Numbered_Panda" title="Numbered Panda">Numbered Panda</a></li> <li><a href="/wiki/PLA_Unit_61398" title="PLA Unit 61398">PLA Unit 61398</a></li> <li><a href="/wiki/PLA_Unit_61486" title="PLA Unit 61486">PLA Unit 61486</a></li> <li><a href="/wiki/PLATINUM_(cybercrime_group)" title="PLATINUM (cybercrime group)">PLATINUM</a></li> <li><a href="/wiki/Pranknet" title="Pranknet">Pranknet</a></li> <li><a href="/wiki/Red_Apollo" title="Red Apollo">Red Apollo</a></li> <li><a href="/wiki/Rocket_Kitten" title="Rocket Kitten">Rocket Kitten</a></li> <li><a href="/wiki/Stealth_Falcon" title="Stealth Falcon">Stealth Falcon</a></li> <li><a href="/wiki/Syrian_Electronic_Army" title="Syrian Electronic Army">Syrian Electronic Army</a></li> <li><a href="/wiki/Tailored_Access_Operations" title="Tailored Access Operations">Tailored Access Operations</a></li> <li><a href="/wiki/The_Shadow_Brokers" title="The Shadow Brokers">The Shadow Brokers</a></li> <li><a href="/wiki/XDedic" title="XDedic">xDedic</a></li> <li><a href="/wiki/Yemen_Cyber_Army" title="Yemen Cyber Army">Yemen Cyber Army</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%"><a href="/wiki/Hacker" 
title="Hacker">Individuals</a></th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Ryan_Ackroyd" title="Ryan Ackroyd">Ryan Ackroyd</a></li> <li><a href="/wiki/Mustafa_Al-Bassam" title="Mustafa Al-Bassam">Mustafa Al-Bassam</a></li> <li><a href="/wiki/George_Hotz" title="George Hotz">George Hotz</a></li> <li><a href="/wiki/Guccifer" title="Guccifer">Guccifer</a></li> <li><a href="/wiki/Elliott_Gunton" title="Elliott Gunton">Elliott Gunton</a></li> <li><a href="/wiki/Jeremy_Hammond" title="Jeremy Hammond">Jeremy Hammond</a></li> <li><a href="/wiki/Kristoffer_von_Hassel" title="Kristoffer von Hassel">Kristoffer von Hassel</a></li> <li><a href="/wiki/Junaid_Hussain" title="Junaid Hussain">Junaid Hussain</a></li> <li><a href="/wiki/MLT_(hacktivist)" title="MLT (hacktivist)">MLT</a></li> <li><a href="/wiki/Hector_Monsegur" title="Hector Monsegur">Sabu</a></li> <li><a href="/wiki/Roman_Seleznev" title="Roman Seleznev">Track2</a></li> <li><a href="/wiki/Topiary_(hacktivist)" title="Topiary (hacktivist)">Topiary</a></li> <li><a href="/wiki/The_Jester_(hacktivist)" title="The Jester (hacktivist)">The Jester</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">Major <a href="/wiki/Vulnerability_(computing)" class="mw-redirect" title="Vulnerability (computing)">vulnerabilities</a><br />publicly <a href="/wiki/Full_disclosure_(computer_security)" title="Full disclosure (computer security)">disclosed</a></th><td class="navbox-list-with-group navbox-list navbox-even" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Evercookie" title="Evercookie">Evercookie</a> (2010)</li> <li><a href="/wiki/ISeeYou" title="ISeeYou">iSeeYou</a> (2013)</li> <li><a href="/wiki/Heartbleed" title="Heartbleed"> Heartbleed</a> (2014)</li> <li><a href="/wiki/Shellshock_(software_bug)" title="Shellshock (software bug)">Shellshock</a> (2014)</li> 
<li><a href="/wiki/POODLE" title="POODLE">POODLE</a> (2014)</li> <li><a href="/wiki/Rootpipe" title="Rootpipe">Rootpipe</a> (2014)</li> <li><a href="/wiki/Row_hammer" title="Row hammer">Row hammer</a> (2014)</li> <li><a href="/wiki/Signaling_System_No._7#Protocol_security_vulnerabilities" class="mw-redirect" title="Signaling System No. 7">SS7 vulnerabilities</a> (2014)</li> <li><a href="/wiki/WinShock" title="WinShock">WinShock</a> (2014)</li> <li><a href="/wiki/JASBUG" title="JASBUG">JASBUG</a> (2015)</li> <li><a href="/wiki/Stagefright_(bug)" title="Stagefright (bug)">Stagefright</a> (2015)</li> <li><a href="/wiki/DROWN_attack" title="DROWN attack">DROWN</a> (2016)</li> <li><a href="/wiki/Badlock" title="Badlock">Badlock</a> (2016)</li> <li><a href="/wiki/Dirty_COW" title="Dirty COW">Dirty COW</a> (2016)</li> <li><a href="/wiki/Cloudbleed" title="Cloudbleed">Cloudbleed</a> (2017)</li> <li><a href="/wiki/Broadcom_Corporation#soc-wifi-vulns" title="Broadcom Corporation">Broadcom Wi-Fi</a> (2017)</li> <li><a href="/wiki/EternalBlue" title="EternalBlue">EternalBlue</a> (2017)</li> <li><a href="/wiki/DoublePulsar" title="DoublePulsar">DoublePulsar</a> (2017)</li> <li><a href="/wiki/Intel_Active_Management_Technology#Silent_Bob_is_Silent" title="Intel Active Management Technology">Silent Bob is Silent</a> (2017)</li> <li><a href="/wiki/KRACK" title="KRACK">KRACK</a> (2017)</li> <li><a href="/wiki/ROCA_vulnerability" title="ROCA vulnerability">ROCA vulnerability</a> (2017)</li> <li><a href="/wiki/BlueBorne_(security_vulnerability)" title="BlueBorne (security vulnerability)">BlueBorne</a> (2017)</li> <li><a href="/wiki/Meltdown_(security_vulnerability)" title="Meltdown (security vulnerability)">Meltdown</a> (2018)</li> <li><a href="/wiki/Spectre_(security_vulnerability)" title="Spectre (security vulnerability)">Spectre</a> (2018)</li> <li><a href="/wiki/EFAIL" title="EFAIL">EFAIL</a> (2018)</li> <li><a href="/wiki/Exactis" title="Exactis">Exactis</a> (2018)</li> <li><a 
href="/wiki/Speculative_Store_Bypass" title="Speculative Store Bypass">Speculative Store Bypass</a> (2018)</li> <li><a href="/wiki/Lazy_FP_state_restore" title="Lazy FP state restore">Lazy FP state restore</a> (2018)</li> <li><a href="/wiki/TLBleed" title="TLBleed">TLBleed</a> (2018)</li> <li><a href="/wiki/SigSpoof" title="SigSpoof">SigSpoof</a> (2018)</li> <li><a href="/wiki/Foreshadow" title="Foreshadow">Foreshadow</a> (2018)</li> <li><a href="/wiki/Wi-Fi_Protected_Access#Dragonblood_attack" title="Wi-Fi Protected Access">Dragonblood</a> (2019)</li> <li><a href="/wiki/Microarchitectural_Data_Sampling" title="Microarchitectural Data Sampling">Microarchitectural Data Sampling</a> (2019)</li> <li><a href="/wiki/BlueKeep" title="BlueKeep">BlueKeep</a> (2019)</li> <li><a href="/wiki/Kr00k" title="Kr00k">Kr00k</a> (2019)</li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%"><a href="/wiki/Malware" title="Malware">Malware</a></th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"></div><table class="nowraplinks navbox-subgroup" style="border-spacing:0"><tbody><tr><th scope="row" class="navbox-group" style="width:1%">2010</th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Ransomware#Bad_Rabbit" title="Ransomware">Bad Rabbit</a></li> <li><a href="/wiki/BlackEnergy#BlackEnergy_2_(BE2)" title="BlackEnergy"> Black Energy 2</a></li> <li><a href="/wiki/SpyEye" title="SpyEye">SpyEye</a></li> <li><a href="/wiki/Stuxnet" title="Stuxnet">Stuxnet</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">2011</th><td class="navbox-list-with-group navbox-list navbox-even" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Coreflood" title="Coreflood">Coreflood</a></li> <li><a href="/wiki/Alureon" title="Alureon">Alureon</a></li> <li><a 
href="/wiki/Duqu" title="Duqu">Duqu</a></li> <li><a href="/wiki/Kelihos_botnet" title="Kelihos botnet">Kelihos</a></li> <li><a href="/wiki/Metulji_botnet" title="Metulji botnet">Metulji botnet</a></li> <li><a href="/wiki/Stars_virus" title="Stars virus">Stars</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">2012</th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Carna_botnet" title="Carna botnet">Carna</a></li> <li><a href="/wiki/Dexter_(malware)" title="Dexter (malware)">Dexter</a></li> <li><a href="/wiki/FBI_MoneyPak_Ransomware" title="FBI MoneyPak Ransomware">FBI</a></li> <li><a href="/wiki/Flame_(malware)" title="Flame (malware)">Flame</a></li> <li><a href="/wiki/Mahdi_(malware)" title="Mahdi (malware)">Mahdi</a></li> <li><a href="/wiki/Red_October_(malware)" title="Red October (malware)">Red October</a></li> <li><a href="/wiki/Shamoon" title="Shamoon">Shamoon</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">2013</th><td class="navbox-list-with-group navbox-list navbox-even" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/CryptoLocker" title="CryptoLocker">CryptoLocker</a></li> <li><a href="/wiki/2013_South_Korea_cyberattack" title="2013 South Korea cyberattack">DarkSeoul</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">2014</th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Brambul" title="Brambul">Brambul</a></li> <li><a href="/wiki/BlackEnergy#BlackEnergy_3_(BE3)" title="BlackEnergy"> Black Energy 3</a></li> <li><a href="/wiki/Carbanak" title="Carbanak">Carbanak</a></li> <li><a href="/wiki/Careto_(malware)" title="Careto (malware)">Careto</a></li> <li><a href="/wiki/DarkHotel" title="DarkHotel">DarkHotel</a></li> <li><a 
href="/wiki/Duqu_2.0" title="Duqu 2.0">Duqu 2.0</a></li> <li><a href="/wiki/FinFisher" title="FinFisher">FinFisher</a></li> <li><a href="/wiki/Gameover_ZeuS" title="Gameover ZeuS">Gameover ZeuS</a></li> <li><a href="/wiki/Regin_(malware)" title="Regin (malware)">Regin</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">2015</th><td class="navbox-list-with-group navbox-list navbox-even" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Dridex" title="Dridex">Dridex</a></li> <li><a href="/wiki/Hidden_Tear" title="Hidden Tear">Hidden Tear</a></li> <li><a href="/wiki/Rombertik" title="Rombertik">Rombertik</a></li> <li><a href="/wiki/TeslaCrypt" title="TeslaCrypt">TeslaCrypt</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">2016</th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Hitler-Ransomware" title="Hitler-Ransomware">Hitler</a></li> <li><a href="/wiki/Jigsaw_(ransomware)" title="Jigsaw (ransomware)">Jigsaw</a></li> <li><a href="/wiki/KeRanger" title="KeRanger">KeRanger</a></li> <li><a href="/wiki/Necurs" class="mw-redirect" title="Necurs">Necurs</a></li> <li><a href="/wiki/MEMZ" title="MEMZ">MEMZ</a></li> <li><a href="/wiki/Mirai_(malware)" title="Mirai (malware)">Mirai</a></li> <li><a href="/wiki/Pegasus_(spyware)" title="Pegasus (spyware)">Pegasus</a></li> <li><a href="/wiki/Petya_and_NotPetya" class="mw-redirect" title="Petya and NotPetya">Petya and NotPetya</a></li> <li><a href="/wiki/X-Agent" title="X-Agent">X-Agent</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">2017</th><td class="navbox-list-with-group navbox-list navbox-even" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/BrickerBot" title="BrickerBot">BrickerBot</a></li> <li><a href="/wiki/Kirk_Ransomware" title="Kirk 
Ransomware">Kirk</a></li> <li><a href="/wiki/LogicLocker" title="LogicLocker">LogicLocker</a></li> <li><a href="/wiki/Rensenware" title="Rensenware">Rensenware</a></li> <li><a href="/wiki/Triton_(malware)" title="Triton (malware)">Triton</a></li> <li><a href="/wiki/WannaCry_ransomware_attack" title="WannaCry ransomware attack">WannaCry</a></li> <li><a href="/wiki/Xafecopy_Trojan" title="Xafecopy Trojan">XafeCopy</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">2018</th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/VPNFilter" title="VPNFilter">VPNFilter</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">2019</th><td class="navbox-list-with-group navbox-list navbox-even" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Grum_botnet" title="Grum botnet">Grum</a></li> <li><a href="/wiki/Joanap" title="Joanap">Joanap</a></li> <li><a href="/wiki/NetTraveler" title="NetTraveler">NetTraveler</a></li> <li><a href="/wiki/Chaos_Computer_Club#Staatstrojaner_affair" title="Chaos Computer Club">R2D2</a></li> <li><a href="/wiki/Tiny_Banker_Trojan" title="Tiny Banker Trojan">Tinba</a></li> <li><a href="/wiki/Titanium_(malware)" title="Titanium (malware)">Titanium</a></li> <li><a href="/wiki/ZeroAccess_botnet" title="ZeroAccess botnet">ZeroAccess botnet</a></li></ul> </div></td></tr></tbody></table><div></div></td></tr></tbody></table></div>
</div></div> <div id="catlinks" class="catlinks" data-mw="interface"><div id="mw-normal-catlinks" class="mw-normal-catlinks"><a href="/wiki/Help:Category" title="Help:Category">Categories</a>: <ul><li><a href="/wiki/Category:Cyberattacks" title="Category:Cyberattacks">Cyberattacks</a></li><li><a href="/wiki/Category:North_Korean_advanced_persistent_threat_groups" title="Category:North Korean advanced persistent threat groups">North Korean advanced persistent threat groups</a></li><li><a href="/wiki/Category:Hacking_in_the_2000s" title="Category:Hacking in the 2000s">Hacking in the 2000s</a></li><li><a href="/wiki/Category:Hacking_in_the_2010s" title="Category:Hacking in the 2010s">Hacking in
the 2010s</a></li><li><a href="/wiki/Category:Cyberattack_gangs" title="Category:Cyberattack gangs">Cyberattack gangs</a></li><li><a href="/wiki/Category:North_Korean_entities_subject_to_U.S._Department_of_the_Treasury_sanctions" title="Category:North Korean entities subject to U.S. Department of the Treasury sanctions">North Korean entities subject to U.S. Department of the Treasury sanctions</a></li><li><a href="/wiki/Category:Cybercrime_in_India" title="Category:Cybercrime in India">Cybercrime in India</a></li><li><a href="/wiki/Category:Specially_Designated_Nationals_and_Blocked_Persons_List" title="Category:Specially Designated Nationals and Blocked Persons List">Specially Designated Nationals and Blocked Persons List</a></li></ul></div><div id="mw-hidden-catlinks" class="mw-hidden-catlinks mw-hidden-cats-hidden">Hidden categories: <ul><li><a href="/wiki/Category:CS1_maint:_multiple_names:_authors_list" title="Category:CS1 maint: multiple names: authors list">CS1 maint: multiple names: authors list</a></li><li><a href="/wiki/Category:CS1_maint:_numeric_names:_authors_list" title="Category:CS1 maint: numeric names: authors list">CS1 maint: numeric names: authors list</a></li><li><a href="/wiki/Category:Articles_with_short_description" title="Category:Articles with short description">Articles with short description</a></li><li><a href="/wiki/Category:Short_description_is_different_from_Wikidata" title="Category:Short description is different from Wikidata">Short description is different from Wikidata</a></li><li><a href="/wiki/Category:Pages_using_infobox_organization_with_unknown_parameters" title="Category:Pages using infobox organization with unknown parameters">Pages using infobox organization with unknown parameters</a></li><li><a href="/wiki/Category:All_articles_with_vague_or_ambiguous_time" title="Category:All articles with vague or ambiguous time">All articles with vague or ambiguous time</a></li><li><a 
href="/wiki/Category:Vague_or_ambiguous_time_from_August_2021" title="Category:Vague or ambiguous time from August 2021">Vague or ambiguous time from August 2021</a></li></ul></div></div> </div> </main> </div> </div> </div> <script type="application/ld+json">{"@context":"https:\/\/schema.org","@type":"Article","name":"Lazarus Group","url":"https:\/\/en.wikipedia.org\/wiki\/Lazarus_Group","sameAs":"http:\/\/www.wikidata.org\/entity\/Q19284445","mainEntity":"http:\/\/www.wikidata.org\/entity\/Q19284445","author":{"@type":"Organization","name":"Contributors to Wikimedia projects"},"publisher":{"@type":"Organization","name":"Wikimedia Foundation, Inc.","logo":{"@type":"ImageObject","url":"https:\/\/www.wikimedia.org\/static\/images\/wmf-hor-googpub.png"}},"datePublished":"2016-03-01T03:40:18Z","dateModified":"2024-11-10T19:02:10Z","headline":"North Korean cybermilitary unit"}</script> </body> </html>