4 entries tagged “state-sponsored”.
A North Korea-linked RGB unit (Lazarus umbrella) that blends cyber-espionage with revenue generation. The U.S. sanctioned it in 2019 and, in 2024, indicted member Rim Jong Hyok for deploying Maui ransomware against U.S. hospitals and laundering the proceeds to fund further espionage.
A North Korea-linked, financially focused sub-group of the Lazarus umbrella that targets banks and crypto firms. Blamed for the 2016 Bangladesh Bank SWIFT heist and, more recently, macOS malware campaigns against crypto businesses (RustBucket, KandyKorn, 'Hidden Risk'). Sanctioned by the U.S. in 2019.
A North Korea-linked threat cluster (part of the Lazarus umbrella) that the FBI blames for several of the largest exchange thefts, including Bybit ($1.5B), DMM Bitcoin ($305M), and the Ronin/Axie bridge. It favors social-engineering of employees and supply-chain compromises.
The most widely used name for North Korea's state-sponsored hacking apparatus, run under its Reconnaissance General Bureau. Blamed for the Sony hack, the Bangladesh Bank SWIFT heist, WannaCry, and — since ~2017 — many of the largest crypto thefts ever. Chainalysis puts DPRK's cumulative crypto haul near $6.75B, used to fund the regime's weapons programs.