A Hunt for the Infamous Lazarus Group Hackers to Prevent Cyber Crime

Kaspersky uncovered new activity of Lazarus – a hacking group allegedly responsible for the theft of $81 million from the Central Bank of Bangladesh in 2016. The new wave of attacks targets banks, casinos, financial investment software developers and crypto-currency businesses.

Why Lazarus is dangerous and how to stop them

Lazarus targets banks, casinos, financial investment software developers and crypto-currency businesses. Malware attributed to this group has recently been found in 18 countries around the world, including Korea, Bangladesh, India, Vietnam, Indonesia, Costa Rica, Malaysia, Poland, Iraq, Ethiopia, Kenya, Nigeria, Uruguay, Gabon, Thailand and several other countries.

How they attack:

  • The Lazarus/Bluenoroff group finds a vulnerability in one of the servers in the targeted organization, OR
  • They infect a website that employees of the targeted organization often visit.
  • They infect the IT infrastructure of the target with malware and identify where a server running SWIFT software is installed.
  • They download additional malware to interact with the SWIFT software and try to drain the organization’s accounts.

How to stop the Lazarus/Bluenoroff group:

  • If your organization has software tools for conducting money transactions, like SWIFT software, invest in additional protection and regular security assessments, in addition to the standard protection measures implemented on all other parts of the organization's network.
  • Protect backup servers, as they contain information that can be of use to attackers: passwords, logins, and authentication tokens.
  • When deploying specialized software for money processing, follow the recommendations and security best practices from your software vendor and security professionals.
  • If you suspect an intrusion, request professional assistance with incident response. The Lazarus cases that Kaspersky has investigated show that even if attackers have made it inside the network, it is still not too late to take action that will prevent financial and reputational losses.
