Inside Lazarus: North Korea's $2 Billion Cyber Empire

Since at least 2009, a sophisticated hacking operation known as the Lazarus Group has waged one of the most audacious cyber campaigns in modern history—all in service of North Korea's government. The FBI has confirmed this state-sponsored group operates as a financial lifeline for Pyongyang, generating illicit revenue to fund nuclear weapons development while the regime faces crippling international sanctions.

The group operates under multiple aliases: Guardians of Peace, APT38, Hidden Cobra, and Diamond Sleet among others. What distinguishes Lazarus from typical cybercriminals is its structure—a hierarchical organization with teams of varying skill levels, including a specialized financial attack unit called Bluenoroff. This division of labor reflects a quasi-military approach to cyber warfare, transforming hacking into an industrial operation.

The scale of their theft is staggering. In March 2022, Lazarus Group executed a $620 million heist against the Ronin Network, a cryptocurrency platform. More recently, in June 2025, they allegedly stole $1.5 billion from the Bybit cryptocurrency exchange in a matter of minutes—a theft the FBI directly attributed to the group and linked to Kim Jong-un's nuclear financing strategy. Their 2016 attack on the Bangladesh Central Bank netted $81 million, with operatives attempting to steal even more before authorities intervened.