Lazarus Group
This threat actor targets and compromises entities primarily in South Korea and South Korean interests for espionage, disruption, and destruction. It has also been known to conduct cyber operations for financial gain, including targeting cryptocurrency exchanges. In 2018, the U.S. Department of Homeland Security issued a malware analysis report on a tool called Typeframe used by the Lazarus Group. In September 2018, the U.S. Department of Justice criminally charged and sanctioned Park Jin-hyok and Chosun Expo Joint Venture, alleged members of this threat actor.
Suspected victims
  • South Korea
  • Bangladesh Bank
  • U.S. defense contractors
  • Sony Pictures Entertainment
  • Defense companies in Israel and the Middle East
  • United States
  • Global banks
Suspected state sponsor
  • Korea (Democratic People's Republic of)
Type of incident
  • Espionage
Target category
  • Government
  • Private sector