Indicators of compromise to check if your organisation was, or is, under attack by Lazarus
Detailed description of infrastructure used by Lazarus to cover up tracks leading to North Korea
In-depth analysis of tools that allowed attackers to stay unnoticed in the corporate infrastructure
Tactics, Technics, Procedures (TTPs) and recommendations on how to prevent infection
Due to continued media attention and alleged connections to North Korea, Lazarus has become a well‑known hacking group. However, existing attribution based primarily on malware code similarities is not always reliable.
Group-IB identified new non-malware evidence of North Korean involvement in recent attacks, revealing their chain of anonymized nodes and C&C infrastructure — allowing better understanding of their goals and motivation. This report contains an in-depth review of North Korean cyber division tools and tactics as well as recommendations on how to track their involvement in recent attacks on financial institutions and other critical infrastructure.
Head of Threat Intelligence Department
Threat Intelligence subscribers are always on the forefront and have been informed about Lazarus activities. The earliest indicator of compromise detected by Group-IB is dated March 2016. This was directly after the Central Bank of Bangladesh incident. Following this incident, the group modified its tactics and tools, adapting them to the changing environment and misleading researchers.
We help to prevent and investigate cyber attacks at every stage, from reconnaissance or preparation to threat actors taking actions to achieve objectives. Furthermore, we prevent the spread of the attack and ensure that your infrastructure is clean of the presence of infection.
Contact us to learn more: +7 495 984-33-64 or firstname.lastname@example.org
Learn about threats, leakages, attacks, and hacking activity before they can harm your business
Detect malicious incidents in your internal network to prevent intrusions, attacks, data leaks, and espionage
Get the most of your antifraud systems and instantly protect all of your clients
Protect your customers and citizens with innovative solutions for e‑commerce & e‑government
Group-IB is one of the global leaders in preventing and investigating high-tech crimes and online fraud.
Since 2003, the company has been active in the field of computer forensics and information security, protecting the largest international companies against financial losses and reputation risks.
We are recognized by Gartner as a threat intelligence vendor providing leading insight to the Eastern European region and recommended by the Organization for Security and Co-operation in Europe (OSCE). In 2017 IDC Report named Group-IB the leader of the Russian Threat Intelligence Services Market.
Group-IB’s experience and threat intelligence has been fused into an eco-system of highly sophisticated software and hardware solutions to monitor, identify and prevent cyber threats.Learn more