The Story of The Lazarus Hacker Group

In the world of cybersecurity, few names strike as much fear and awe as the Lazarus Group. This elusive hacking collective is widely considered to be one of the most sophisticated, persistent, and dangerous organizations in the world.

The origin story

The origins of the Lazarus Group are shrouded in mystery, but it is widely believed that the group is based in North Korea and is backed by the country’s government.

After all, the government has complete control over the internet and therefore it would be virtually impossible for these groups to act independently. The United States Federal Bureau of investigation even defines them as being a “state-sponsored hacking organization”.

To back this statement, several reports indicate that the Lazarus hackers are recruited as young as11 years old by the government and given spacious apartments while also being exempt from the draft.

Lazarus often sends these recruits for training exercises in Shenyang China where they learn to deploy malware. They certainly have the resources to back their status.

Operation Troy

But you guys are probably wondering when they launched their first attack. Well this was back in 2009 with operation Troy, when they were implicated in a series of DDoS attacks against South Korean government agencies in Seoul.

They target over 30 websites and placed the text “memory of independence day” in the master boot record. Although these attacks were largely unsophisticated this would lay the groundwork for what would come.

Over the years, the Lazarus Group has only become more skilled and more audacious. In March 2011 they undertook operation Ten Days of Rain wreaking havoc on South Korean media, financial infrastructure, and US military facilities.

Sony Pictures attack

But their perseverance didn’t stop there and in 2014 they would infiltrate Sony pictures servers and gain access to employee records, emails, and unreleased films, causing an estimated $15 million in damages.

During this hack, they also threatened cinemas with terrorist attacks in response to the upcoming satirical film the “interview” which poked fun at both Kim Jong Un and North Korea.

Sadly, over security concerns many cinemas chose not to screen the film, Sony also canceled the premiere and it went straight to digital release. Even back then they were a force to be reckoned with.

Bangladeshi central bank heist

However, their most notable attack was in 2016 when they infiltrate the Federal Reserve Bank of New York and stole over $60 million that belonged to the Bangladesh Central Bank.

At first, the hackers managed to get ahold of the Bangladeshi account credentials and authorize the illegal transfer of close to $1 Billion over the SWIFT banking network.

Despite the majority of the money being recovered, the hackers managed to get away with over $60 million which was transferred to the Philipines.

WannaCry ransom attack

If that wasn’t bad enough the hackers then performed the WannaCry ransom attack which affected over 150,00 computers spanning 150 countries.

Anyone from the NHS in the UK to the plane manufacturer Boeing was effected. Essentially, this ransom attack was a computer worm that spread autonomously and exploited a vulnerability in windows OS.

It encrypted files on the user’s computer and to decrypt the files the user had to pay around $300 in Bitcoin for the key, albeit the key wasn’t actually useful.

While they only collected around $150,000 before the worm was stopped, the majority of the damage was from the files that were never recovered.

Cryptocurrency hack

More recently Lazarus has turned to cryptocurrency hacking. In March of 2022, they infiltrated the popular online crypto game Axie Infinity, stealing a mind-blowing $625 million from the Ethereum side chain known as the Ronin Network.

All in all, 148,000 Ethereum from the games treasury was stolen and is currently being laundered via Bitcoin mixers, intermediary wallets, and swapping between blockchains.

Currently, these transactions are being monitored by the FBI who estimate that over %14 of the funds have already been laundered, so it will certainly be interesting to see how this situation develops.

If you want to view this article in a more visual format then please check out my video below:


At the end of the day, the Lazarus Group is a stark reminder of the dangers of the digital age. The group is a highly skilled and persistent cyber hacking organization that continues to wreak havoc on governments, corporations, and individuals around the world.

I hope you found this article useful and thanks for reading it. Want to learn about Russia’s surveillance state? Click here to read my previous article.