Threat Actor Profile

Lazarus Group

State-sponsored threat group originating from KP. Suspected sponsor: Korea (Democratic People's Republic of). Known to target Government, Private sector. Uses 157 known MITRE ATT&CK techniques.

157 TTPs Mapped 2 Industries Tracked Real-Time Alerts

OriginKP

157MITRE TTPs

2Sectors Hit

Actor Overview

Origin Country

Suspected Sponsor

Korea (Democratic People's Republic of)

Known Techniques

157 TTPs

Target Industries

GovernmentPrivate sector

Suspected Victims

South KoreaBangladesh BankSony Pictures EntertainmentUnited StatesThailandFranceChinaHong KongUnited KingdomGuatemalaCanadaBangladeshJapanIndiaGermanyBrazilThailandAustraliaCryptocurrency exchanges in South Korea

MITRE ATT&CK Techniques

T1134T1134.002T1087T1087.002T1098T1583T1583.001T1583.004T1583.006T1557T1557.001T1071T1124T1071.001T1010 +142 more

Related Threat Reports

Premium

APT Campaign Analysis - Q4 2025Dec 2025

New Tactics Observed in WildDec 2025

Infrastructure Mapping ReportDec 2025

Stay Updated

Get alerts when new intel on Lazarus Group is published.

Actor Details

Primary Name

Lazarus Group

Known Aliases

Operation DarkSeoul, Dark Seoul, Hidden Cobra, Hastati Group, Andariel, Unit 121, Bureau 121, NewRomanic Cyber Army Team, Bluenoroff, Subgroup: Bluenoroff, Group 77, Labyrinth Chollima, Operation Troy, Operation GhostSecret, Operation AppleJeus, APT38, APT 38, Stardust Chollima, Whois Hacking Team, Zinc, Appleworm, Nickel Academy, APT-C-26, NICKEL GLADSTONE, COVELLITE, ATK3, G0032, ATK117, G0082, Citrine Sleet, DEV-0139, DEV-1222, Diamond Sleet, ZINC, Sapphire Sleet, COPERNICIUM, TA404, Lazarus group, BeagleBoyz

Data Source

Precursor Intelligence

Need API Access?

Integrate threat actor data into your SIEM or SOAR.

View Plans →