Affiliations
- Believed to be responsible for Dark Seoul, Ten Days of Rain, the Sony Pictures Entertainment attack, the SWIFT-related bank heists, WannaCry, and Operation GhostSecret. Believed to use the same tools as Covellite. Known to the U.S. government as Hidden Cobra. Also known as BlueNoroff and Temp.Hermit.
This threat actor primarily targets and compromises entities in South Korea and South Korean interests for espionage, disruption, and destruction. It has also been known to conduct cyber operations for financial gain, including targeting cryptocurrency exchanges. In 2018, the U.S. Department of Homeland Security issued a malware analysis report on a tool called Typeframe used by the Lazarus Group.
In September 2018, the U.S. Department of Justice criminally charged and sanctioned Park Jin-hyok and Chosun Expo Joint Venture, alleged members of this threat actor.
Suspected victims
- South Korea
- Bangladesh Bank
- U.S. defense contractors
- Sony Pictures Entertainment
- Defense companies in Israel and the Middle East
- United States
- Global banks
Suspected state sponsor
- Korea (Democratic People's Republic of)
Type of incident
- Espionage
Target category
- Government
- Private sector