Lazarus Group

Formation: c. 2009
Founder: Unknown
Type: Advanced persistent threat
Purpose: Cyberespionage, cyberwarfare
Location:
Methods: Zero-days, spearphishing, malware, disinformation, backdoors, droppers
Membership: Unknown
Official language: Korean (native), English (international)
Parent organization: Lab 110 and Bureau 121
Affiliations: Bureau 121, Unit 180, AndAriel
Formerly called: APT38, Gods Apostles, Gods Disciples, Guardians of Peace, ZINC, Whois Team, Hidden Cobra

The Lazarus Group (also known as the Guardians of Peace or Whois Team) is a state-sponsored hacker group made up of unknown members, alleged to be run by the government of North Korea. While not much is known about the group, researchers have attributed many cyberattacks to them since the 2010s.

Originally regarded as a clandestine criminal group, it has since been designated an advanced persistent threat because of its intent, the threat it poses, and the wide array of methods it uses when conducting an operation. Names given by cybersecurity organizations include Hidden Cobra (used by the United States Department of Homeland Security to refer to malicious cyber activity by the North Korean government in general), ZINC and Diamond Sleet (by Microsoft). According to North Korean defector Kim Kuk-song, the unit is known internally as the 414 Liaison Office.

The Lazarus Group has strong links to North Korea. The United States Department of Justice has claimed the group is part of the North Korean government's strategy to "undermine global cybersecurity ... and generate illicit revenue in violation of ... sanctions". North Korea benefits from conducting cyber operations because it can present an asymmetric threat with a small group of operators, especially to South Korea.