There are groups hacker who come from all over the world but, in some specific areas, the political-cultural conditions exist which make fertile ground for the rise of collectives.
In some cases, the gangs that are created constitute a danger to the whole world, especially if governments sponsor the groups. In the North Korean contexti cybercriminali they seem to be experiencing a real “golden age”.
In this sense, experts have recorded three massive campaigns in the last few weeks alone, with perpetrators somehow linked to the Asian state. Operations focused on zero-day vulnerabilitywith the aim of stealing information from victims and installing persistent malware.
Not just Lazarus: here are the North Korean hackers who worry security experts
In this sense, the most striking case is the one revealed by National Cyber Security Center (NCSC) of the United States and the National Intelligence Service (NIS) of South Korea. Involved in this operation, apparently, is the infamous group Lazarus who abused a zero-day exploit in MagicLine4NX.
The software, used for the authentication and secure access of company employees, was thus exploited for data exfiltration, the release of malware and other illicit actions. In fact, Lazarus has recently been the protagonist of a massive attack on CyberLink. The Taiwanese company suffered a malware infection in its software update system, spreading a malicious agent known as LambLoad.
The aforementioned collective, however, represents only a small part of the hacker context linked to North Korea. According to some estimates, there are in the Asian country 1,000 experts at the service of the government, with thousands and thousands of hackers scattered around the world but working for Kim.
Among the many collectives, we can mention Andariel Group (specialized in information gathering), Electronic Warfare Jamming Regiment and the Bluenoroff Groupone of the largest, specializing in financial operations.