Report an incident

Get 24/7 incident response assistance from our global team

Talk to sales

Just fill out the form, and our representative will contact you soon.

Join the Cybercrime Fighters Club

Please review the following rules before submitting your application:

1. Our main objective is to foster a community of like-minded individuals dedicated to combatting cybercrime and who have never engaged in Blackhat activities.

2. All applications must include research or a research draft. You can find content criteria in the blog. Please provide a link to your research or research draft using the form below.

Lazarus Arisen: Architecture, Tools and Attribution
← Research Hub

Lazarus Arisen: Architecture, Tools and Attribution

The only in-depth report outlining multiple layers of Lazarus infrastructure, thorough analysis of hacker’s tools and evidence leading to North Korean IP addresses
View report

Inside the report:

Indicators of compromise to check if your organisation was, or is, under attack by LazarusIndicators of compromise to check if your organisation was, or is, under attack by Lazarus

Detailed description of infrastructure used by Lazarus to cover up tracks leading to North KoreaDetailed description of infrastructure used by Lazarus to cover up tracks leading to North Korea

In-depth analysis of tools that allowed attackers to stay unnoticed in the corporate infrastructureIn-depth analysis of tools that allowed attackers to stay unnoticed in the corporate infrastructure

Tactics, Techniques, Procedures (TTPs) and recommendations on how to prevent infectionTactics, Techniques, Procedures (TTPs) and recommendations on how to prevent infection

Due to continued media attention and alleged connections to North Korea, Lazarus has become a well‑known hacking group. However, existing attribution based primarily on malware code similarities is not always reliable.

Group-IB identified new non-malware evidence of North Korean involvement in recent attacks, revealing their chain of anonymized nodes and C&C infrastructure — allowing better understanding of their goals and motivation. This report contains an in-depth review of North Korean cyber division tools and tactics as well as recommendations on how to track their involvement in recent attacks on financial institutions and other critical infrastructure.

Dmitry Volkov
Dmitry Volkov
Chief Executive Officer

Advanced protection against cyber threats

Group-IB’s security ecosystem provides comprehensive protection for your IT infrastructure based on our unique cyber intelligence and deep analysis of attacks and incident response.
Threat Intelligence
Threat Intelligence
Fraud Protection
Fraud Protection
Managed XDR
Managed XDR
Digital Risk Protection
Digital Risk Protection

Relevant reports

We see the full picture of the evolving cyber threat landscape thanks to unique tools for monitoring the infrastructure used by cybercriminals and data from battlefields:

OldGremlin Ransomware: Never Ever Feed Them after The Locknight
Threat Research
OldGremlin Ransomware: Never Ever Feed Them after The Locknight
The case of OldGremlin illustrates how the ransomware industry has evolved in recent years....
Learn moreDownload report
Ransomware Uncovered 2021/2022
Threat Research
Ransomware Uncovered 2021/2022
The well-known complete guide to the latest tactics, techniques, and procedures of ransomware operators...
Learn moreDownload report
Conti Armada: The ARMattack Campaign
Threat Research
Conti Armada: The ARMattack Campaign
Take a deep dive into “ARMattack”, one of the shortest yet most successful campaigns...
Learn moreDownload report
RedCurl: The Awakening
Threat Research
RedCurl: The Awakening
Commercial cyber espionage remains a rare and largely unique phenomenon. We cannot rule out,...
Learn moreDownload report
UltraRank: The Unexpected Twist of a JS-Sniffer Triple Threat
Threat Research
UltraRank: The Unexpected Twist of a JS-Sniffer Triple Threat
New stage in JS-sniffers research. From analyzing malware families to identifying threat actors
Learn moreDownload report