LAZARUS – CYBER COLLECTIVE
If the Stuxnet attack can rightly be called the 9/11 of cyber security, then Lazarus certainly qualifies for the epithet of the ISIS of the cyber world. The name Lazarus has long been associated with reanimated entities: biological entities that died but somehow came back to life. The biblical Lazarus was a man Jesus raised from the dead. The cyber collective Lazarus is the 21st-century version of this, though radically different in purpose. Government support makes it all the more potent.
Lazarus is a North Korean cyber collective that has hit high-profile targets in as many as 31 countries. Sony Pictures Entertainment was hacked in 2014, costing it $35 million in IT repairs, besides a major hit to its reputation. The cyber heist at the central bank of Bangladesh made the group richer by $81 million. Early this year, the Polish financial regulator, the Polish Financial Supervision Authority, was at the centre of a watering hole attack that infected a large number of banks. The malware is used to attack only particular IP addresses, from 104 specific organisations in 31 countries.
Lazarus does not claim responsibility for any attack; the Sony one was carried out under the name Guardians of Peace. It took a while for security researchers to unravel the modus operandi. By following the cyber war trail and deciphering tool usage, they concluded that these apparently different cyber collectives were one and the same. According to one researcher, “these aren’t pieces of malware that are being shared on underground forums – these are very well guarded codebases that haven’t leaked or been found publicly.”
This series of cyber attacks is hitting at the roots of the reputation and economic stability of adversarial nations. The advanced offensive cyberattack capabilities of North Korea are a doomsday warning. “Do you believe there are nation states now robbing banks?
THE DIMENSIONS OF THE CYBER WAR ARE YET UNKNOWN.