Lazarus Group
Coverage of Lazarus Group in the Nexus archive.
- Rogue states are putting AI agents to work on sanctions evasion
Rogue states like North Korea and Iran are leveraging AI to enhance sanctions evasion through fake identities, shell companies, and crypto laundering, per a RUSI report. The report highlights AI's role in increasing efficiency and evading detection, with examples like North Korea's Lazarus Group and the 2025 Bybit theft.
- Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms
The Lazarus Group, linked to North Korea, has deployed a memory-only malware called RemotePE in multi-stage attacks targeting financial and cryptocurrency organizations. The attack chain involves two loaders, DPAPILoader and RemotePELoader, as analyzed by NCC Group subsidiary Fox-IT.
- Kelp DAO, Aave to resume rsETH operations as recovery from $292 million exploit progresses
Kelp DAO was exploited for $292 million on April 18 by attackers suspected to be part of North Korea's Lazarus Group, but is resuming rsETH operations as recovery progresses. The exploit occurred recently and the amount stolen was significant. Recovery efforts are underway.
- Did North Korean Hackers Just Play Aave Twice?
North Korean hackers, specifically the Lazarus Group, may have profited from a short position on the AAVE token after hacking the Kelp platform, generating a 26% profit. The hack triggered a price crash and an outflow of liquidity from the platform. DeFiLlama data shows a loss of $6.6 billion in TVL.
- This April We Saw $805 Million Lost in DeFi Hacks
In April, $805 million was lost through DeFi hacks targeting platforms like Kelp Dao, Drift Protocol, and Grinex. Attacks involved methods such as social engineering and domain hijacking, with North Korea-backed Lazarus Group suspected as the primary threat actor.
- North Korean hackers siphon more than $12 million from crypto users in sprawling campaign
North Korean hackers, likely linked to the Lazarus Group, have stolen over $12 million from cryptocurrency users through a large-scale cyber campaign. The attack exploited vulnerabilities in crypto platforms, highlighting ongoing threats in the digital asset space.
- Lazarus Group Malware Targets Crypto, Business Execs via macOS
The Lazarus Group is using malware targeting macOS to attack cryptocurrency and business executives. The threat highlights increased cybersecurity risks for these sectors.
- Lazarus Group has become especially dangerous with new Mach-O Man attack: CertiK
CertiK reports that the Lazarus Group has become more dangerous with the emergence of the Mach-O Man attack, a new cyber threat. The attack highlights increased risks from the hacking group, known for its sophisticated cyber operations.
- North Korea just stole $292 million from DeFi and the two protocols involved are publicly blaming each other
North Korea is suspected of stealing $292 million from DeFi protocols Kelp DAO and Aave by exploiting a cross-chain bridge vulnerability. The attack involved draining 116,500 rsETH, using it as collateral to borrow $196 million in ETH, and triggering a $13 billion drop in DeFi TVL. Kelp and LayerZero are publicly blaming each other for the breach.
- KelpDAO suffers $290 million heist tied to Lazarus hackers
KelpDAO, a DeFi project, suffered a $290 million crypto-heist attributed to Lazarus hackers, likely state-sponsored North Korean cybercriminals. The attack occurred on Saturday, highlighting vulnerabilities in decentralized finance platforms.
- LayerZero Pins $292M KelpDAO Bridge Hack on North Korea’s Lazarus Group
LayerZero attributes a $292 million hack of the KelpDAO Bridge to North Korea’s Lazarus Group, who forged a cross-chain message to execute the attack and nearly repeated the exploit before erasing their digital footprint.