Gain comprehensive knowledge about the Lazarus Group and its operational history.

Taiwo Owolabi
2 min readOct 24, 2023


Okay, below are your answers.

The Lazarus Group, also known as Hidden Cobra,is a highly sophisticated and infamous state sponsored cybercriminal organization with a history dating back to the early 2000s. This group has been linked to a wide range of cyberattacks, including financial fraud, espionage, and destructive campaigns.

Below is a detailed history of the Lazarus Group:

Emergence and Early Activities (2000s): The Lazarus Group is believed to have originated in North Korea, with its activities emerging around the early 2000s. Initially, it focused on traditional cybercrime activities like distributed denial-of-service (DDoS) attacks and hacking for financial gain.

2. Targeting South Korea (2007): In 2007, the group expanded its operations by targeting South Korean websites and organizations. It launched DDoS attacks and defacement campaigns against South Korean government sites and media outlets.

3. Operation Troy (2013): In 2013, the Lazarus Group launched a significant cyberespionage campaign called “Operation Troy.” The primary target was South Korean media companies, and the attackers used advanced tactics, including spear-phishing emails.

4. Sony Pictures Hack (2014): One of the most well-known and disruptive attacks attributed to the Lazarus Group occurred in 2014 when they targeted Sony Pictures. This attack resulted in the leakage of sensitive data, employee emails, unreleased films, and the destruction of thousands of computers. The U.S. government later attributed this attack to North Korea.

5. Bangladesh Bank Heist (2016): In 2016, the Lazarus Group was linked to the cyber heist of $81 million from the Bangladesh Bank. The attackers used fraudulent SWIFT messages to transfer funds from the bank’s account at the Federal Reserve Bank of New York to accounts in the Philippines.

6. WannaCry Ransomware (2017): The Lazarus Group is believed to have been involved in the WannaCry ransomware attack that swept the globe in 2017. WannaCry infected hundreds of thousands of computers in over 150 countries, causing widespread disruption.

7. Crypto Theft and Evolving Tactics: In addition to traditional cyberattacks, the Lazarus Group has been involved in stealing cryptocurrencies, targeting cryptocurrency exchanges, and launching phishing campaigns. Their tactics have continued to evolve, adapting to the changing cybersecurity landscape.

8. Ongoing Threat: The Lazarus Group remains an ongoing threat, with its activities still being monitored by cybersecurity experts and government agencies. The group’s affiliation with the North Korean government adds a layer of complexity to international relations and cybersecurity efforts.

9. Attribution and International Response: Attribution of attacks to the Lazarus Group is often challenging due to its use of sophisticated techniques to obfuscate its origins. However, various security firms and government agencies, including the U.S. Department of Justice, have publicly attributed numerous attacks to the group.