Lazarus, The Lab Where North Korea Creates Cyber Soldiers

What You’ll Learn:
  • What is the Lazarus Group.
  • Their State Sponsorship and Connections.
  • How they are recruited and trained.
  • Their Notable Cyberattacks.

As military tensions continue to rise around the world, so does the threat of cyberattacks and cyber warfare. Few names worry cybersecurity experts as much as the Lazarus Group. This skilled hacking group is believed to be supported by the North Korean government, and it has been behind some of the largest and most audacious cyberattacks on global financial systems.

They have started focusing more on cryptocurrency, taking advantage of how open and unregulated the digital asset world can be.

From breaking into crypto exchanges to tricking blockchain developers with fake emails and websites, Lazarus is known for using smart hacking tools and social tricks to steal huge amounts of crypto. The U.S. Treasury and top cybersecurity companies say the group has stolen billions of dollars in digital money. Many believe this stolen money is being used to help fund North Korea’s banned weapons programs.

As governments and crypto companies work hard to fix security issues and stop future attacks, Lazarus keeps changing its tactics and staying ahead. In this report, we’ll explain who the Lazarus Group is, how they target the crypto world, and why they remain a serious threat to digital finance.

Who Is the Lazarus Group?

The group is believed to have been active since 2009, but they became widely known in 2014 after a big cyberattack on Sony Pictures, which caused major problems and got a lot of media attention. Since then, they have been involved in many serious online attacks, including stealing money from banks and cryptocurrency companies.

This group is not made up of regular hackers. They are very skilled and organized. They use smart tools and tricks to break into computer systems. Sometimes they send fake job offers or create fake websites to fool people into clicking dangerous links or downloading harmful software.

Experts say Lazarus steals money to help North Korea, especially because the country is under strict international sanctions. This means their hacking is not just about money; it’s also a way for the North Korean government to get around global rules and support its military projects.

How Does the Lazarus Group Target the Crypto World?

The Lazarus Group doesn’t just steal crypto; they plan their attacks like high-level heists in a movie. One of their most shocking hits was the Axie Infinity hack in 2022, where they stole over $600 million in cryptocurrency by breaking into the Ronin blockchain network. It was one of the biggest crypto thefts in history.

But what made it more shocking was how they did it. They didn’t just use code; they used human psychology. A developer working for the company behind Axie Infinity received what looked like a job offer from a fake company. He opened a PDF with the job details, but what he didn’t know was that this file was full of hidden malware. That small action gave the hackers full access to the system, allowing them to move hundreds of millions of dollars without anyone noticing until it was too late.

Lazarus also uses powerful tools, like custom-made malware and fake wallet apps, and even builds fake LinkedIn and Telegram profiles to fool crypto workers and investors. They don’t just break into systems; they trick people into opening the doors for them. Their level of planning, patience, and technology makes them one of the most dangerous groups in the world of crypto.

How Can North Korean Hackers Be So Advanced?

Many people wonder how hackers from North Korea can be so skilled. After all, North Korea is known for being cut off from the world. Most people there don’t have internet access. So how is it possible that they can pull off high-level cyberattacks?

The answer lies in a special unit of elite hackers. These hackers are handpicked from a young age, trained in math and computer science, and later sent abroad, to places like China, Russia, and Southeast Asia, where they can access the internet and carry out attacks. Even though the hackers are North Korean, they don’t always operate inside North Korea.

Many reports say that North Korea starts training its top hackers from a very young age. Children who show talent in math and science, sometimes as young as 7 or 8, are chosen for special schools that focus on computers and programming. After that, they often attend elite universities like Kim Il-sung University or Kim Chaek University, where they go through a 5-year program in advanced computer science and hacking. This early and intense training prepares them to join North Korea’s cyber units, turning them into skilled digital operatives ready to carry out cyberattacks around the world.

The operations they run are often managed like a military mission, with clear goals: steal money, avoid sanctions, and bring in hard currency to support the government. Cybercrime has become one of North Korea’s biggest income sources. So while the country stays isolated on the outside, behind the scenes, it’s training some of the world’s most dangerous cybercriminals.

What Makes Lazarus Group Outshine Their Mentors?

The Lazarus Group didn’t start from scratch. Experts believe they learned many of their early skills from more experienced hacker networks. But over time, they’ve gone even further, outsmarting and outscaling the very people who may have taught them.

What sets Lazarus apart is their willingness to take massive risks. While most hackers try to stay quiet and avoid attention, Lazarus has no problem going after huge crypto targets, even if it means the whole world finds out. Their $600 million heist from Axie Infinity shocked the entire crypto industry and showed just how far they’re willing to go.

They also go beyond normal hacking. Lazarus plays the long game. They spend weeks or months building fake companies, designing job offers, or setting up fake wallet apps. Then they wait patiently for one mistake. It’s not just technical skill; it’s psychological warfare.

History of Insane Heists

The hacking unit has pulled off some of the boldest cyber heists in history. Experts believe they have stolen over $3 billion in total, mostly in cryptocurrency. Here are some of their biggest and most shocking hacks:

  • Axie Infinity Hack (2022)
    In one of the biggest crypto thefts ever, Lazarus stole $620 million from the Ronin Network, which powers the popular blockchain game Axie Infinity. They used a fake job offer to trick a developer into opening a malware-infected file.
  • Horizon Bridge Hack (2022)
    Lazarus stole $100 million from Harmony’s Horizon Bridge, a tool that connects different blockchains. The hackers used fake identities and phishing to access private keys controlling the funds.
  • WannaCry Ransomware (2017)
    Lazarus is believed to be behind the global WannaCry ransomware attack, which locked computers in over 150 countries and demanded Bitcoin for access. It caused over $4 billion in damage globally, though the group made only a small profit.
  • Bangladesh Bank Heist (2016)
    Lazarus tried to steal $1 billion from the central bank of Bangladesh by hacking into the SWIFT banking system. They succeeded in taking $81 million before a typo in one of their requests raised suspicion and stopped the rest.
  • Sony Pictures Hack (2014)
    This attack wasn’t about money but caused massive damage. Lazarus leaked thousands of private emails and files from Sony Pictures as revenge for a film mocking North Korea’s leader. It cost Sony millions and made Lazarus known worldwide.

By combining fearless planning, smart tools, and a government-backed mission, Lazarus has moved past many of the original cybercrime groups. They’ve taken the craft of hacking and turned it into a global strategy for survival.

The making of a Lazarus hacker is not random; it’s a step-by-step process that starts early. It begins when a child in North Korea shows talent in math or science. That child is chosen for a special school focused on computers. From there, they go to top universities for five years of intense training in coding and cyber warfare. After graduating, many are sent abroad for real-world experience. Over time, they are shaped into highly skilled cybercriminals, trained not only in hacking but also in tricking people through fake job offers and websites. This is not just hacking; it’s a national mission, planned and controlled like a military operation. And as these digital soldiers grow smarter and bolder, one big question remains: Can today’s rules, or the ones still being written, really stop them?

Mohamed Hussein

With a BA in Journalism and over 11 years of experience in Arabic and English media, I bring a newsroom mindset to the fast-paced world of crypto content. From breaking news to in-depth features, I’ve worked across leading platforms. Today, as a content writer in the Web3 space, I aim to make complex topics like blockchain, crypto, and digital innovation accessible to a wider audience, without compromising clarity or credibility.