Lazarus Arisen: Architecture, Tools, Attribution | Group-IB Research
Inside the report:
Due to continued media attention and alleged connections to North Korea, Lazarus has become a well‑known hacking group. However, existing attribution based primarily on malware code similarities is not always reliable.
Group-IB identified new non-malware evidence of North Korean involvement in recent attacks, revealing the group's chain of anonymized nodes and C&C infrastructure and allowing a better understanding of its goals and motivation. This report contains an in-depth review of North Korean cyber division tools and tactics as well as recommendations on how to track their involvement in recent attacks on financial institutions and other critical infrastructure.