Threat Actor Profile: Lazarus Group

2025-09-02 • Cyble •

https://cyble.com/threat-actor-profiles/lazarus-group/

#Lazarus #T1059.003 #T1566.002 #T1566.003 #T1566.001 #T1053.005 #T1059.001 #T1203 #T1189 #T1047

Cyble profiles Lazarus Group as a North Korean state-sponsored actor conducting financially motivated intrusions, espionage, ransomware, supply-chain compromise, and cryptocurrency and fintech targeting alongside broader activity against defense, government, healthcare, technology, and other high-value sectors. The profile links Lazarus tradecraft to spearphishing attachments and links, LinkedIn and social-media lures in Operation Dream Job, drive-by compromise of legitimate websites, malicious macros, PowerShell, WMIC, scheduled tasks, command-shell execution, credential misuse, and exploitation of client-side vulnerabilities such as Adobe Flash CVE-2018-4878. It lists a broad malware arsenal that includes backdoors such as BADCALL and Dtrack, credential-theft tools such as Mimikatz and ProcDump, loaders and downloaders, tunneling tools, wipers, and Hermes ransomware. The cited aliases, global targeting footprint, and campaigns such as DarkSeoul, WannaCry, Operation Dream Job, and supply-chain attacks make the profile useful for mapping Lazarus capabilities across both espionage and revenue-generating operations.

Related Actors

Lazarus

Novetta

First seen: Feb 2016

Last seen: Jun 2026

Related Reports

2025-08-13 • 80% Match

APT PROFILE – LAZARUS GROUP

Cyfirma

#Lazarus #T1102.002 #T1082 #T1059.003 #T1567.002 #T1140 #T1584.004 #T1005 #T1070.004 #T1587.001 #T1041 #T1560 #T1608.001 #T1071.001 #T1046 #T1083 #T1056.001 #T1204.001 #T1036 #T1027 #T1204.002 #T1566.002 #T1566.003 #T1124 #T1057 #T1059.005 #T1583.006 #T1566.001 #T1547.001 #T1585.002 #T1053.005 #T1583.001 #T1059.001 #T1036.005 #T1132.001 #T1001.003 #T1585.001 #T1497.001 #T1105 #T1553.002 #T1620 #T1574.002 #T1562.001 #T1027.002 #T1489 #T1078 #T1008 #T1571 #T1491.001 #T1218 #T1220 #T1203 #T1189 #T1049 #T1564.001 #T1098 #T1016 #T1074.001 #T1588.002 #T1562.004 #T1591 #T1218.011 #T1583.004 #T1036.004 #T1588.003 #T1218.010 #T1593.001 #T1218.005 #T1589.002 #T1584.001 #T1070.006 #T1048.003 #T1134.002 #T1027.007 #T1021.001 #T1106 #T1090.001 #T1573 #T1070 #T1047 #T1574.013 #T1561.001 #T1036.003 #T1529 #T1055.001 #T1614.001 #T1010 #T1021.002 #T1033 #T1543.003 #T1485 #T1090.002 #T1542.003 #T1560.002 #T1012 #T1110 #T1547.009 #T1110.003 #T1534 #T1588.004 #T1104 #T1591.004 #T1561.002 #T1608.002 #T1202 #T1221 #T1557.001 #T1087.002 #T1560.003 #T1070.003 #T1021.004

Shares tags: Lazarus, T1059.003, T1566.002 • Published within a month

2025-08-25 • 60% Match

GolangGhost - Comprehensive Threat Intelligence Report

Bloo

#Lazarus #GolangGhost #T1059.003 #T1140 #T1005 #T1070.004 #T1041 #T1113 #T1071.001 #T1115 #T1083 #T1056.001 #T1204.002 #T1566.002 #T1555.003 #T1057 #T1059.005 #T1518.001 #T1566.001 #T1547.001 #T1059.001 #T1497.001 #T1219 #T1574.002 #T1562.001 #T1622 #T1027.002 #T1573.001 #T1190 #T1123 #T1132.002 #T1564.001 #T1548.002 #T1055.012 #T1027.007 #T1217 #T1106 #T1027.009 #T1036.003 #T1055.002 #T1036.007 #T1059.010 #T1136.001 #T1134.004 #T1614.001 #T1574.007 #T1098.007 #T1010 #T1071.004 #T1021.002 #T1021.006

Shares tags: Lazarus, T1059.003, T1566.002 • Published within a month

2021-12-02 • 60% Match

APT Profile: Who is Lazarus Group?

SOCRadar

#Lazarus #T1102.002 #T1082 #T1059.003 #T1567.002 #T1140 #T1584.004 #T1005 #T1070.004 #T1587.001 #T1041 #T1560 #T1608.001 #T1071.001 #T1046 #T1083 #T1056.001 #T1204.001 #T1036 #T1027 #T1204.002 #T1566.002 #T1566.003 #T1124 #T1057 #T1059.005 #T1583.006 #T1566.001 #T1547.001 #T1585.002 #T1053.005 #T1583.001 #T1059.001 #T1036.005 #T1132.001 #T1001.003 #T1585.001 #T1497.001 #T1105 #T1553.002 #T1620 #T1574.002 #T1562.001 #T1027.002 #T1489 #T1078 #T1008 #T1573.001 #T1571 #T1491.001 #T1218 #T1220 #T1203 #T1189 #T1049 #T1564.001 #T1098 #T1016 #T1074.001 #T1588.002 #T1562.004 #T1591 #T1218.011 #T1583.004 #T1036.004 #T1588.003 #T1593.001 #T1218.005 #T1589.002 #T1584.001 #T1070.006 #T1048.003 #T1134.002 #T1027.007 #T1021.001 #T1106 #T1090.001 #T1070 #T1047 #T1574.013 #T1561.001 #T1036.003 #T1529 #T1055.001 #T1614.001 #T1010 #T1021.002 #T1033 #T1543.003 #T1485 #T1090.002 #T1542.003 #T1560.002 #T1012 #T1110 #T1547.009 #T1110.003 #T1534 #T1588.004 #T1104 #T1591.004 #T1561.002 #T1608.002 #T1202 #T1221 #T1557.001 #T1087.002 #T1560.003 #T1070.003 #T1021.004 #T0865

Shares tags: Lazarus, T1059.003, T1566.002

2025-08-13 • 52% Match

DRATzarus - Comprehensive Threat Intelligence Report

Bloo

#DRATzarus #Lazarus #T1059.003 #T1140 #T1005 #T1041 #T1113 #T1071.001 #T1083 #T1204.002 #T1566.002 #T1555.003 #T1057 #T1547.001 #T1105 #T1027.002 #T1548.002 #T1036.003 #T1010 #T1021.002 #T1569.002 #T1543.003

Shares tags: Lazarus, T1059.003, T1566.002 • Published within a month

2025-08-06 • 48% Match

The $1.5B Bybit Hack & How OSINT Led to Its Attribution

Netlas

#Lazarus #Bybit #SafeWallet #T1090 #T1036 #T1204.002 #T1566.001 #T1090.002 #T1588.004

Shares tags: Lazarus, T1566.001 • Published within a month

2024-07-19 • 48% Match

APT Quarterly Highlights : Q2 2024

Cyfirma

#Trend #Andariel #Kimsuky #MoonstoneSleet #Lazarus #T1082 #T1059.003 #T1090 #T1140 #T1005 #T1070.004 #T1041 #T1113 #T1555 #T1560 #T1071.001 #T1046 #T1112 #T1115 #T1083 #T1497 #T1056.001 #T1036 #T1027 #T1204.002 #T1566.002 #T1555.003 #T1071 #T1124 #T1222 #T1552 #T1057 #T1583.003 #T1518.001 #T1547.001 #T1053.005 #T1539 #T1608.005 #T1583.001 #T1059.001 #T1053 #T1552.001 #T1566 #T1059 #T1003 #T1497.001 #T1102.001 #T1574.002 #T1562.001 #T1490 #T1486 #T1129 #T1133 #T1571 #T1548 #T1190 #T1203 #T1564.001 #T1087 #T1562.004 #T1218.011 #T1070.006 #T1547 #T1068 #T1614 #T1573 #T1095 #T1562 #T1070 #T1047 #T1056 #T1176 #T1010 #T1033 #T1569.002 #T1543.003 #T1485 #T1012 #T1202 #T1087.002 #T1021.004 #T1222.001 #T1518 #T1564.003 #T1505.003 #T1069.002 #T1564 #T1595.002 #T1027.005 #T1070.001 #T1056.004 #T1584

Shares tags: Lazarus, T1059.003, T1566.002

« Back