
The Lazarus Heist: exposing the global cyber threat
Podcast • May 26, 2025 at 10:00 PM

Inside Lazarus: North Korea's $2 Billion Cyber Empire

How a state-sponsored hacker group finances Pyongyang's nuclear ambitions through global cyberattacks

About This Episode

Producer: The Lawfare Institute
Episodes: 2000
Genre: Politics & Cybercrime
Latest episode: April 4, 2026

Since at least 2009, a sophisticated hacking operation known as the Lazarus Group has waged one of the most audacious cyber campaigns in modern history—all in service of North Korea's government. The FBI has confirmed this state-sponsored group operates as a financial lifeline for Pyongyang, generating illicit revenue to fund nuclear weapons development while the regime faces crippling international sanctions.

The group operates under multiple aliases: Guardians of Peace, APT38, Hidden Cobra, and Diamond Sleet among others. What distinguishes Lazarus from typical cybercriminals is its structure—a hierarchical organization with teams of varying skill levels, including a specialized financial attack unit called Bluenoroff. This division of labor reflects a quasi-military approach to cyber warfare, transforming hacking into an industrial operation.

The scale of their theft is staggering. In March 2022, Lazarus Group executed a $620 million heist against the Ronin Network, a cryptocurrency platform. More recently, in June 2025, they allegedly stole $1.5 billion from the Bybit cryptocurrency exchange in a matter of minutes—a theft the FBI directly attributed to the group and linked to Kim Jong-un's nuclear financing strategy. Their 2016 attack on the Bangladesh Central Bank netted $81 million, with operatives attempting to steal even more before authorities intervened.

Beyond cryptocurrency theft, Lazarus has demonstrated willingness to deploy destructive weapons. In May 2017, the group released WannaCry, a ransomware that spread globally within hours, encrypting files on hundreds of thousands of machines and demanding $300 to $600 in Bitcoin from victims. The attack paralyzed hospitals, government agencies, and private companies across continents—a watershed moment proving North Korea could wage asymmetric warfare against enemies without firing a shot.

Their targets span multiple continents and sectors. South Korea and the United States remain primary adversaries; attacks have targeted government institutions, defense contractors, and financial systems. The group has also shown interest in biotech companies and universities conducting COVID-19 research. European defense firms have been infiltrated through Operation Dream Job, which deployed sophisticated malware called ScoringMathTea.

What makes Lazarus particularly dangerous is their operational tradecraft. Rather than relying solely on zero-day exploits, they've mastered social engineering at scale. Operatives pose as IT recruitment specialists, creating fake job postings on GitHub and Telegram. Using stolen identities and fabricated CVs, they lure target employees into remote work schemes. Once victims download remote access tools like AnyDesk or Google Remote Desktop, attackers gain entry to corporate networks. Some operations even employ AI-powered interview tools to appear legitimate.

The motivation is ruthlessly pragmatic. North Korea cannot participate in global banking systems or international trade. Sanctions isolate the regime economically. Cyber theft becomes not an option but a necessity—a way to convert digital access into hard currency and cryptocurrency, which can be laundered through exchanges and peer-to-peer networks.

U.S. federal agencies have begun fighting back. According to recent investigations, authorities are conducting arrests targeting North Korean "laptop farms"—operations where government hackers rent office space and execute attacks using leased infrastructure. These raids aim to dismantle the supply chain enabling remote work fraud and financial theft.

North Korea has consistently denied involvement, claiming U.S. allegations are propaganda designed to damage its international reputation. Yet the evidence—corroborated by the FBI, U.S. Department of Justice, and private cybersecurity firms—paints a clear picture: a state actor using the internet as a weapon and a bank.

As cryptocurrency markets grow and digital infrastructure becomes more critical to global commerce, the Lazarus Group's activities raise urgent questions about attribution, deterrence, and whether traditional law enforcement can contain a threat originating from beyond the reach of conventional prosecution.

