Lazarus Group

Also known as: Hidden Cobra, ZINC, Diamond Sleet, APT38

Overview

North Korean state-sponsored group focused on financial theft and crypto heists to fund the regime. Also conducts espionage and destructive attacks. Responsible for $1.5B Bybit hack.

MITRE ATT&CK Coverage

Recon

Res Dev

Init Access

Execution

Persistence

Priv Esc

Def Evasion

Cred Access

Discovery

Lat Move

Collection

Exfil

Impact

3 of 14 tactics observed

Raw TTPs

Cryptocurrency TheftSupply Chain AttacksSocial EngineeringWatering HoleCustom MalwareDeFi Exploitation

Related Intelligence (4)

HIGHData BreachExploited

Lazarus Group Targets DeFi Protocols with New Smart Contract Exploit Kit

Lazarus Group deploys modular smart contract exploit toolkit targeting DeFi protocols. $200M stolen across four platforms in March.

DeFi Protocols

6d agoChainalysis / SlowMist

CRITICALData BreachExploited

Lazarus Group Linked to $1.5B Bybit Cryptocurrency Heist

FBI attributes the $1.5 billion Bybit cryptocurrency exchange hack to North Korea Lazarus Group. Largest crypto theft in history.

Bybit Exchange

Mar 19, 2026FBI / Chainalysis

MEDIUMApt

OpenAI Discloses State-Sponsored Misuse of ChatGPT for Cyber Operations

OpenAI reports disrupting five state-sponsored groups using ChatGPT for reconnaissance, phishing content generation, and malware debugging.

ChatGPT

Mar 14, 2026OpenAI Threat Intelligence

MEDIUMInsider Threat

North Korean IT Workers Infiltrate Fortune 500 Companies via Remote Positions

DOJ charges 14 North Korean nationals operating as remote IT workers at Fortune 500 companies. $88M in wages funneled to DPRK regime.

Remote Work Platforms

Mar 5, 2026DOJ / FBI

Command Palette