{"id":25987,"date":"2019-03-05T19:15:00","date_gmt":"2019-03-05T19:15:00","guid":{"rendered":"https:\/\/www.darkreading.com\/threat-intelligence\/lazarus-research-highlights-threat-from-north-korea\/d\/d-id\/1334063"},"modified":"2019-03-05T19:15:00","modified_gmt":"2019-03-05T19:15:00","slug":"lazarus-research-highlights-threat-from-north-korea","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/lazarus-research-highlights-threat-from-north-korea\/","title":{"rendered":"Lazarus Research Highlights Threat from North Korea"},"content":{"rendered":"<header>\n<\/header>\n<p><span class=\"strong black\">A widespread attack against companies and government agencies have been linked to the North Korean Lazarus group, underscoring that the countries hackers are becoming more brazen.<\/span> <\/p>\n<p class=\"p1\">RSA CONFERENCE 2019 \u2014 San Francisco \u2014 Evidence from a command-and-control server has linked a massive campaign against sensitive industries and government agencies to the Lazarus Group, a North Korean state-sponsored operator, cybersecurity firm McAfee announced at the RSA Conference this week.<\/p>\n<p class=\"p1\">After gaining access to code and data from the C&amp;C server, McAfee researchers analyzed the evidence and <a href=\"https:\/\/www.businesswire.com\/news\/home\/20190303005031\/en\/McAfee-Research-Rare-Command-Control-Nation-State-Cyber\" target=\"_blank\">concluded that the campaign<\/a>&nbsp;\u2014 which they dubbed Operation Sharpshooter \u2014started a year earlier than previously thought and targeted a larger group of organizations. In a previous analysis, published in December 2018, McAfee researchers hesitated to connect the campaign to the activities of the Lazarus Group.<\/p>\n<p class=\"p3\">&#8220;Operation Sharpshooter\u2019s numerous technical links to the Lazarus Group seem too obvious to immediately draw the conclusion that they are responsible for the attacks, and instead indicate a potential for false flags,&#8221; <a href=\"https:\/\/securingtomorrow.mcafee.com\/other-blogs\/mcafee-labs\/operation-sharpshooter-targets-global-defense-critical-infrastructure\/\" target=\"_blank\">the company&#8217;s researchers stated at the time<\/a>. &#8220;Our research focuses on how this actor operates, the global impact, and how to detect the attack. We shall leave attribution to the broader security community.&#8221;<\/p>\n<p class=\"p3\">With the additional evidence from the server used by the attackers to manage their network of compromised systems, McAfee&#8217;s researchers found that the Sharpshooter campaign used the same software implants and malicious code as the Lazarus Group.<\/p>\n<p class=\"p1\">The report highlighted the increasing sophistication as well as the ubiquity of cyber-operations from North Korea, which uses attacks to steal funds, collect intelligence and punish rivals. North Korean groups are among the most brazen state-sponsored attackers, said Tom Kellerman, chief cybersecurity officer with Carbon Black.<\/p>\n<p class=\"p1\">&#8220;They finally have an A-team, thanks to the tech transfer from Russia,&#8221; Kellerman said.<\/p>\n<p class=\"p1\">An interesting piece of the puzzle is that early attacks focused on networks in Namibia, leading McAfee researchers to conclude that the Sharpshooter group may have used the African nation as a testing ground for its software implants and attack code.<\/p>\n<p><strong>Financial Services, Government Bear Brunt of Attacks<\/strong><br \/>Getting access to the command-and-control server gave McAfee researchers the evidence needed to connect Operation Sharpshooter to the Lazarus Group, Christiaan Beek, McAfee senior principal engineer and lead scientist, said in a statement.<\/p>\n<p class=\"p1\">&#8220;Access to the adversary\u2019s command-and-control server code is a rare opportunity,&#8221; Beek said. &#8220;These systems provide insights into the inner workings of cyberattack infrastructure, are typically seized by law enforcement, and only rarely made available to private sector researchers.&#8221;<\/p>\n<p class=\"p1\">The most recent attacks mainly focused on financial services, government agencies, and critical infrastructure, McAfee stated. The attackers primarily targeted Germany, Turkey, the United Kingdom and the United States. Earlier attacks had also focused on telecommunications companies and had included Israel as one of the primary targets.<\/p>\n<p class=\"p1\">In <a href=\"https:\/\/www.carbonblack.com\/resources\/threat-research\/modern-bank-heists-the-bank-robbery-shifts-to-cyberspace\/\" target=\"_blank\">a survey of financial services CISOs<\/a>, Carbon Black found that two-thirds of respondents had faced more cyberattacks in the last 12 months than the same period the prior year. While social engineering attacks remain the most common \u2014 with 79% of firms encountering highly targeted phishing attacks \u2014 32% of firms detected attacks coming from third parties, such as suppliers and partners.<\/p>\n<p class=\"p1\">In addition, destructive attacks against financial institutions \u2014 a hallmark of many North Korean operations \u2014 have become more common, with a quarter of all attacks having a component that destroys or encrypts data.<\/p>\n<p class=\"p1\">&#8220;You see this transition now from bank heists to a hostage situations,&#8221; Kellerman said. &#8220;These attacks are not being leveraged at the beginning of the attack, but at the end \u2026 They want to be punitive on their way out, because they know they are being reacted to.&#8221;<\/p>\n<p><strong>Needed: Subtler Incident Response<\/strong><br \/>Much of this is a reaction to incident responders trying to stop attackers and clean up compromised servers and workstations, Kellerman said. About a third of institutions surveyed experienced some form of counter incident-response reaction from attackers, either destroying data or using a sleep cycle to wake up secondary command-and-control channels.&nbsp;<\/p>\n<p class=\"p1\">&#8220;We are being too loud in how we conduct incident response, and we are being a bit too cocky by immediately terminate command and control,&#8221; he said. &#8220;This really highlights our need to become better at how we conduct the ultimate investigation.&#8221;&nbsp;<\/p>\n<p class=\"p1\">Attackers are also using sophisticated techniques such as steganography \u2014 hiding data in images or other file types \u2014 as either a secondary command-and-control channel or as a way of delivering additional malware payloads to the targeted server.&nbsp;<\/p>\n<p class=\"p1\">&#8220;Embedding multiple content types within a single file \u2026 has been a common technique seen in many malware droppers for some time,&#8221; Carbon Black stated in its report. &#8220;This technique is used to evade detection on the network wire and on the endpoint as well has hide content on disk in familiar file types such as images.&#8221;<\/p>\n<p class=\"p5\"><strong>Related Links<\/strong><\/p>\n<div readability=\"7.3636363636364\">\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/INT19-Logo-HorizDates-3035.png\" alt width=\"360\" height=\"48\"><\/p>\n<p><strong>Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry&#8217;s most knowledgeable IT security experts. Check out the <a href=\"https:\/\/www.interop.com\/darkreading\/?_mc=hsad_x_drr_le_tsnr_intplv_x_x-drvplug\" target=\"_blank\">Interop agenda<\/a> here.<\/strong><\/p>\n<\/div>\n<p><span class=\"italic\">Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT&#8217;s Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline &#8230; <a href=\"https:\/\/www.darkreading.com\/author-bio.asp?author_id=1161\">View Full Bio<\/a><\/span> <\/p>\n<p><span class=\"smaller strong red allcaps\">More Insights<\/span><\/p>\n<p> Read More <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/lazarus-research-highlights-threat-from-north-korea\/d\/d-id\/1334063?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A widespread attack against companies and government agencies have been linked to the North Korean Lazarus group, underscoring that the countries hackers are becoming more brazen. Read More <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/lazarus-research-highlights-threat-from-north-korea\/d\/d-id\/1334063?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-25987","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Lazarus Research Highlights Threat from North Korea 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/lazarus-research-highlights-threat-from-north-korea\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Lazarus Research Highlights Threat from North Korea 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/lazarus-research-highlights-threat-from-north-korea\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2019-03-05T19:15:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/INT19-Logo-HorizDates-3035.png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lazarus-research-highlights-threat-from-north-korea\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lazarus-research-highlights-threat-from-north-korea\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Lazarus Research Highlights Threat from North Korea\",\"datePublished\":\"2019-03-05T19:15:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lazarus-research-highlights-threat-from-north-korea\\\/\"},\"wordCount\":873,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lazarus-research-highlights-threat-from-north-korea\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/MarilynCohodas\\\/INT19-Logo-HorizDates-3035.png\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lazarus-research-highlights-threat-from-north-korea\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lazarus-research-highlights-threat-from-north-korea\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lazarus-research-highlights-threat-from-north-korea\\\/\",\"name\":\"Lazarus Research Highlights Threat from North Korea 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lazarus-research-highlights-threat-from-north-korea\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lazarus-research-highlights-threat-from-north-korea\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/MarilynCohodas\\\/INT19-Logo-HorizDates-3035.png\",\"datePublished\":\"2019-03-05T19:15:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lazarus-research-highlights-threat-from-north-korea\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lazarus-research-highlights-threat-from-north-korea\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lazarus-research-highlights-threat-from-north-korea\\\/#primaryimage\",\"url\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/MarilynCohodas\\\/INT19-Logo-HorizDates-3035.png\",\"contentUrl\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/MarilynCohodas\\\/INT19-Logo-HorizDates-3035.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lazarus-research-highlights-threat-from-north-korea\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Lazarus Research Highlights Threat from North Korea\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Lazarus Research Highlights Threat from North Korea 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/lazarus-research-highlights-threat-from-north-korea\/","og_locale":"en_US","og_type":"article","og_title":"Lazarus Research Highlights Threat from North Korea 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/lazarus-research-highlights-threat-from-north-korea\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2019-03-05T19:15:00+00:00","og_image":[{"url":"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/INT19-Logo-HorizDates-3035.png","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/lazarus-research-highlights-threat-from-north-korea\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/lazarus-research-highlights-threat-from-north-korea\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Lazarus Research Highlights Threat from North Korea","datePublished":"2019-03-05T19:15:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/lazarus-research-highlights-threat-from-north-korea\/"},"wordCount":873,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/lazarus-research-highlights-threat-from-north-korea\/#primaryimage"},"thumbnailUrl":"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/INT19-Logo-HorizDates-3035.png","articleSection":["DarkReading |TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/lazarus-research-highlights-threat-from-north-korea\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/lazarus-research-highlights-threat-from-north-korea\/","url":"https:\/\/www.threatshub.org\/blog\/lazarus-research-highlights-threat-from-north-korea\/","name":"Lazarus Research Highlights Threat from North Korea 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/lazarus-research-highlights-threat-from-north-korea\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/lazarus-research-highlights-threat-from-north-korea\/#primaryimage"},"thumbnailUrl":"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/INT19-Logo-HorizDates-3035.png","datePublished":"2019-03-05T19:15:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/lazarus-research-highlights-threat-from-north-korea\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/lazarus-research-highlights-threat-from-north-korea\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/lazarus-research-highlights-threat-from-north-korea\/#primaryimage","url":"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/INT19-Logo-HorizDates-3035.png","contentUrl":"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/INT19-Logo-HorizDates-3035.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/lazarus-research-highlights-threat-from-north-korea\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Lazarus Research Highlights Threat from North Korea"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/25987","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=25987"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/25987\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=25987"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=25987"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=25987"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}