JeongGak Lyu, @lazarusholic

He works at the Financial Security Institute in South Korea. FSI serves as an ISAC and CERT in the financial sector, offering a range of services to financial institutions. With over 20 years of experience, he has been involved in various tasks such as security operations, vulnerability assessments, and incident response.


He is everywhere: A tale of Lazarus and his family
JeongGak Lyu, @lazarusholic

The threat groups from North Korea, known as Lazarus, are highly active and pose a significant danger to various industries worldwide. With over 20 years of experience in cybersecurity, I have focused on investigating incidents and providing detailed reports to my clients. Through my extensive research, I have accumulated a vast knowledge base concerning their TTPs and aliases.

Since the early 2000s, they have been primarily targeting South Korea and gained global recognition in 2014 during Operation Blockbuster. From 2015 onwards, they expanded their scope to focus on the financial and cryptocurrency sectors, carrying out large-scale ransomware attacks and extortion campaigns. Additionally, they have pursued sensitive information by targeting industries such as nuclear, defense, and aerospace. They exhibit exceptional skills in compromising supply chains, executing drive-by download attacks, exploiting remote services, and conducting phishing campaigns. They possess a remarkable ability to quickly adapt and optimize their attacks for specific targets.

The cybersecurity community, including myself, maintains a vigilant watch over their activities. As a supplementary initiative, I maintain a website(https://lazarus.day) that catalogs their various aliases and posts related to them. Since 2009, there have been over 1500 posts authored by almost 300. He is everywhere.

Salle Europe