Date of report
- Feb 2016
Affiliations
This threat actor targets and compromises entities primarily in South Korea and South Korean interests for espionage, disruption, and destruction. It has also been known to conduct cyber operations for financial gain, including targeting cryptocurrency exchanges. In 2018, the U.S. Department of Homeland Security issued a malware analysis report on a tool called Typeframe used by the Lazarus Group.
In September 2018, the U.S. Department of Justice criminally charged and sanctioned Park Jin-hyok and Chosun Expo Joint Venture, alleged members of this threat actor.
Suspected victims
- South Korea, Sony Pictures Entertainment , United States, Bangladesh Bank, Defense companies in Israel and the Middle East, Global banks, U.S. defense contractors
Suspected state sponsor
- Korea (Democratic People's Republic of)
Type of incident
- Espionage
Target category
- Government
- Private sector