Security news aggregator

Latest coverage for Lazarus

Coverage of reported Lazarus-linked intrusions, infrastructure, disruption efforts, and defensive guidance that helps explain cybersecurity risks.

17 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Lazarus is a name used by security researchers and public authorities for a suspected, loosely defined intrusion set associated with multiple malware and cyber-espionage operations. The label may cover related but not identical activity, and attribution can change as technical evidence is reassessed. Public reporting has connected the name to incidents involving credential theft, malicious software, theft of funds, and disruptive attacks; those reports should not automatically be treated as proof that every campaign sharing similar tooling has the same operator.

For defenders, coverage under this tag is most useful when it identifies the initial access path, affected software, infrastructure, and evidence supporting attribution. Practical priorities include phishing-resistant multifactor authentication for privileged and remote access, prompt remediation of exploited internet-facing systems, application allowlisting for sensitive environments, and monitoring for unusual authentication, scripting, and outbound connections. During a suspected intrusion, preserve endpoint, identity, email, and network logs before containment changes evidence, then scope for stolen credentials and persistence across connected systems.

Volume over time

Weekly headline count for the current query.

Showing 17 most recent headlines Filtered view
Bank Info Security 3 months, 3 weeks ago

Cryptohack Roundup: Hacker Mints $24M From Resolv

Also: SEC Drops BitClout Founder Case, BlockFills Files for Chapter 11This week, a hacker minted $24M from Resolv, SEC dropped its case against BitClout founder, BlockFills filed for Chapter 11, Bitrefill linked hack to Lazarus, OpenClaw phishing scam hit devs, global law enforcement crackdown on scams and Balancer Labs to wind down after $128M exploit.

Bank Info Security 4 months, 3 weeks ago

North Korean Hackers Continue to Target US Healthcare

Report: Lazarus Group Pivoting to Medusa Ransomware for Extortion AttacksNorth Korean-state backed Lazarus Group hackers are using Medusa ransomware in extortion attacks on U.S. healthcare entities despite a 2024 U.S. indictment of Rim Jong Hyok, an alleged member of the Lazarus subgroup Stonefly, according to a new threat intelligence report.

Bank Info Security 7 months, 1 week ago

Cryptohack Roundup: Authorities Shutter Cryptomixer

Also: Anthropic Warns of Autonomous AI Exploits on BlockchainThis week, authorities shutter Cryptomixer, Anthropic warns about autonomous AI exploits, U.K. plans ban on crypto political donations, Do Kwon seeks leniency, Lazarus Group suspected in Upbit theft, Balancer's post-exploit plans and Yearn recovers some hacked amount.

Bank Info Security 9 months, 3 weeks ago

North Korea Fake Job Recruiters Up Their Backdoor Game

Eset: Lazarus Group Shares Backdoor With Newer Pyongyang Threat ActorA gang of North Korean hackers behind fake IT job recruitment scams now have access to a remote access Trojan favored by their more technically advanced counterparts tracked collectively as the Lazarus Group, say security researchers.

Also: CoinMarketCap Attack, BitPro Blames Lazarus for $11M HackThis week, a new malware targeted crypto wallets via photos, CoinMarketCap faced attack, BitoPro blamed Lazarus for heist, Trezor warned of phishing scam, France saw another crypto kidnapping, cops re-arrested teen after second theft, Hacken blamed human error for exploit and Self Chain ousted CEO.

Also: Criminal Charges in France Against Suspected Crypto Millionaire KidnappersThis week, U.S. SEC dropped its civil case against Binance, Zhao; France charged 25 in crypto kidnap plot; Hackers stole $3 million in Force Bridge exploit. A Singapore court rejected Wazirx restructuring plan, and BitMEX thwarted a Lazarus Group hacking attempt.

Bank Info Security 1 year, 3 months ago

Lazarus Expands NPM Campaign With Trojan Loaders

North Korea's Lazarus Deploys Malicious NPM Packages to Steal DataNorth Korea's Lazarus Group expanded a malicious campaign of uploading malicious code to the JavaScript runtime environment npm repository, publishing 11 packages embedded with Trojan loaders. Researchers identified 11 malicious packages in the repository, a hotspot for supply chain attacks.

Bank Info Security 1 year, 8 months ago

Cryptohack Roundup: FTX Files Lawsuits to Recover Funds

Also: Arrests in $232M Scam, Guilty Plea in $73M Pig-Butchering CaseThis week, FTX sued to recover money, FTX's Caroline Ellison began her prison sentence, South Korea arrested hundreds in $232M scam, a guilty plea in a $73M pig-butchering case, BlueNoroff launched a new attack campaign, GodFather malware and WonderFi CEO kidnapped and released after ransom payment.

Bank Info Security 1 year, 8 months ago

Mac Malware Threat: Hackers Seek Cryptocurrency Holders

Lazarus Group in Particular Using Cross-Platform Languages to Hit macOS TargetsCryptocurrency-seeking hackers are increasingly targeting macOS users. So warn security researchers as they track a rise in macOS backdoors and information-stealing malware, much of which traces back to a well-known cryptocurrency heist culprit: North Korea.

Bank Info Security 1 year, 9 months ago

Cryptohack Roundup: Delta Prime, Ethena Exploits

Also: US SEC Settles With Prager Metis, Rari CapitalThis week, Delta Prime and Ethena were hacked, Lazarus' funds were frozen, the SEC settled with Prager Metis and Rari Capital, Sam Bankman-Fried sought a new trial, the SEC accused NanoBit and CoinW6 of scams, the CTFC sought to fight pig butchering, and Wormhole integrated World ID and Solana.

Bank Info Security 1 year, 10 months ago

North Korea Exploited Windows Zero-Day to Deploy Fudmodule

Lazarus Espionage Group's Sophisticated Malware Evades Antivirus MonitoringNorth Korea's Lazarus hacking team, which focuses on cryptocurrency theft and espionage, has once again been exploiting a zero-day vulnerability in Microsoft Windows to install antivirus-suppressing malware dubbed Fudmodule to aid its intrusions.

Also: $5M for Info on the Crypto Queen; Attacks on BtcTurk and CoinStatsThis week, crypto stealer convicted, reward for info on Crypto Queen increased, BtcTurk and CoinStats suffered cyberattacks, Lazarus blamed for Alex Lab hack, Nigeria refuted allegations of ill treatment, sentencing in Hydrogen Technology case, Binance fined in India, and FBI warned of crypto scams.

Bank Info Security 2 years, 1 month ago

RedTail Cryptomining Malware Exploits PAN-OS Vulnerability

Threat Actors Mirror the Tactics of North Korea's Lazarus GroupCryptomining malware that might be North Korean in origin is targeting edge devices, including a zero-day in Palo Alto Networks' custom operating system that the company hurriedly patched in April. It appears threat actors operate their own mining pools or pool proxies rather than using public ones.

Bank Info Security 2 years, 4 months ago

Lazarus Group Exploits Windows AppLocker Driver Zero-Day

Microsoft Fixed Bug in February That Gave Kernel-Level Access to North Korean APTNorth Korea's Lazarus hackers exploited a Windows AppLocker driver zero-day to gain kernel-level access and turn off security tools that could detect the group's bring-your-own-vulnerable-driver exploitation techniques. Microsoft fixed the bug in its February patch dump.

Bank Info Security 2 years, 7 months ago

Lazarus Exploits Log4Shell to Deploy Telegram-Based Malware

North Korean Hackers Deploy Novel Malware FamiliesNorth Korean hacking group Lazarus Group is exploiting Log4Shell to target manufacturing, agriculture and physical security sectors, resulting in the deployment of a tailored implant on compromised systems. The attack campaign targeted publicly accessible VMware Horizon servers.

Bank Info Security 2 years, 7 months ago

North Korean Hackers Steal South Korean Anti-Aircraft Data

Andariel Group Rented Server to Steal 1.2TB of Data, Extort $357,000 in RansomsSeoul police have accused the North Korean hacker group Andariel of stealing sensitive defense secrets from South Korean defense companies and laundering ransomware proceeds back to North Korea. The hackers stole 1.2TB of data, including information on advanced anti-aircraft weapons.