Lazarus hacking group timeline
June 30, 2022 - North Korea’s state-sponsored Lazarus Group of hackers is believed to be behind an attack that stole $100 million in cryptocurrency from U.S. company Horizon Bridge, a service that allows assets to be transferred to other blockchains.
Lazarus Group, also known as APT 38 (advanced persistent threat), is led by North Korea’s Reconnaissance General Bureau -- Pyongyang’s intelligence agency. Stolen funds are used to support North Korea’s weapons of mass destruction and its ballistic missile programmes.
The hacking group’s earliest known attack is “Operation Troy,” which occurred from 2009 to 2012. This was a cyber-espionage campaign that used distributed denial-of-service (DDoS) attack techniques to target the South Korean government in Seoul.
In 2014, Lazarus Group caused mayhem in Hollywood and Sony Pictures Entertainment when hundreds of hard drives were wiped. Internal emails were also leaked after the studio released “The Interview,” a comedy that ridiculed North Korea’s leader Kim Jong-un.
Horizon Bridge is a service operated by the Harmony blockchain that allows assets to be transferred to other blockchains.
The latest heist in decentralized finance (DeFi) occurred on June 23. The style of attack and the use of a “mixer” -- used to obscure the origin of funds -- are similar to previous hacks attributed to Lazarus, said Chainalysis, a blockchain firm investigating the attack, on Twitter.
In late March, around $620 million in Ethereum was stolen. The FBI identified two groups behind the heist, including the Lazarus Group.
If Lazarus is confirmed as the Horizon Bridge hacker, Chainalysis said the attack will be the group’s eighth this year -- totalling $1 billion in stolen funds.