{"id":37167,"date":"2020-09-16T22:00:00","date_gmt":"2020-09-16T22:00:00","guid":{"rendered":"https:\/\/www.darkreading.com\/threat-intelligence\/likely-links-emerge-between-lazarus-group-and-russian-speaking-cybercriminals-\/d\/d-id\/1338938"},"modified":"2020-09-16T22:00:00","modified_gmt":"2020-09-16T22:00:00","slug":"likely-links-emerge-between-lazarus-group-and-russian-speaking-cybercriminals","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/likely-links-emerge-between-lazarus-group-and-russian-speaking-cybercriminals\/","title":{"rendered":"Likely Links Emerge Between Lazarus Group and Russian-Speaking Cybercriminals"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<header><\/header>\n<p><span class=\"strong black\">Researchers examine security incidents over the past several years that seemingly connect North Korea&#8217;s Lazarus Group with Russian-speaking attackers.<\/span><\/p>\n<p class>Analysis published today examines reports from years of security incidents to pinpoint links between Lazarus Group, historically tied to North Korea, and Russian-speaking cybercriminals.<\/p>\n<p>In a write-up of his findings, Mark Arena, CEO of security firm Intel 471, holds two generally accepted assumptions: that Lazarus Group is tied to North Korea, and that TrickBot, TA505, and Dridex are connected to Russian-speaking cybercriminals. To do the analysis, Arena explored public and open sources from security researchers who published information on threat activity.<\/p>\n<p>The report concludes North Korean attackers are likely active in the cybercriminal underground and maintain relationships with high-level Russian-speaking cybercriminals, Arena reports. Further, malware believed to be used by, and likely written by, North Korean attackers was &#8220;very likely&#8221; distributed using network accesses held by Russian-speaking cybercriminals.<\/p>\n<p>&#8220;[There&#8217;s] the link between TrickBot and the operators behind Trickbot pretty clearly selling accesses to financial institutions to the North Koreans,&#8221; says Arena. &#8220;And the fact that getting access to the TrickBot operators \u2013 figuring out who they are and who you contact for that \u2013 you have to be pretty vetted from a cybercriminal perspective.&#8221;&nbsp;<\/p>\n<p><a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/trickbot-module-takes-aim-at-remote-desktops\/d\/d-id\/1337345\" target=\"_blank\" rel=\"noopener noreferrer\">TrickBot<\/a> is a malware distribution framework not advertised on any open or invite-only criminal forum or marketplace, Arena says. It&#8217;s is only accessible to top-tier criminals with a proven reputation gained through involvement with buying and selling products and services in the criminal underground. The ability of North Korean attackers to communicate with TrickBot&#8217;s operators and customers would mean they&#8217;re considered top-tier cybercriminals themselves.<\/p>\n<p>Dr. Grey Rattray, partner and founder for Next Peak LLC, and former NSC director for cybersecurity at the White House, agrees. He calls Lazarus Group the &#8220;quintessential scary, emerging strategic actor.&#8221; While who they are is a little indeterminate, &#8220;they are a group with real capability&#8221; and nation-state grade tools, which they&#8217;ll use to achieve any number of goals.&nbsp;<\/p>\n<p>&#8220;Any organized group uses the least necessary tools,&#8221; says Rattray, who has previously run red team and offensive operations. Lazarus Group is capable of using the tools necessary to achieve any number of goals aligning with what the North Korean regime wants, he adds. TrickBot is one of them \u2013 SentinelOne <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/trickbot-operators-now-selling-attack-tools-to-apt-actors\/d\/d-id\/1336590\" target=\"_blank\" rel=\"noopener noreferrer\">researchers spotted<\/a> Lazarus Group using TrickBot to deploy its own malware samples onto the network of a business targeted with the Anchor attack toolset.&nbsp;<\/p>\n<p>Based on findings from SentinelOne and several other research teams, Intel 471 assesses a likely link between TrickBot operators and North Korean attackers. TrickBot seems to be a source of compromised accesses that North Korean actors can use, and the people controlling it seem well-versed in identifying compromised organizations for follow-up attack activity \u2013 whether that&#8217;s through Anchor or other intrusion tools like Metasploit, Cobalt Strike, or Empire.<\/p>\n<p>The TrickBot link was the strongest discovered between North Korean attackers and Russian-speaking cybercriminals, Arena <a href=\"https:\/\/public.intel471.com\/blog\/partners-in-crime-north-koreans-and-elite-russian-speaking-cybercriminals\/\" target=\"_blank\" rel=\"noopener noreferrer\">states in a blog<\/a>. He estimates this activity has been ongoing for over a year, though despite the length of time, it&#8217;s unclear whether the Russian-speaking actors know they&#8217;re selling to North Korean attackers, who he says are also speaking in Russian.<\/p>\n<p>Intel 471 also explored potential connections between North Korean attackers and TA505, as well as links to Dridex. They concluded while TA505 may have historically worked with North Korean attackers on occasion, it doesn&#8217;t seem to have happened recently. No link was found between North Korea and Dridex.<\/p>\n<p><strong>Lazarus Group and Russia: Targets and Motivations<br \/><\/strong>How do North Korea and Russian-speaking attackers benefit from such a collaboration? Arena starts with Russia: &#8220;What they gain out of it is their access to a team or group of people [who] are specialized in hacking banks and stealing huge amounts of money,&#8221; he explains.<\/p>\n<p>If Russian-speaking attackers sell access to a financial institution, for example, there could be a monetary incentive if the intrusion is successful. The North Korean actors who steal the funds may give back a percentage if they&#8217;re able to steal large sums of money, Arena notes.<\/p>\n<p>For North Korea, the benefit is a source of access into financial institutions. While they likely have the capability to social engineer their way into a bank, the process is time-consuming.<\/p>\n<p>&#8220;If they&#8217;re able to leverage accesses in the underground from other criminals, that&#8217;s just something they don&#8217;t have to do themselves,&#8221; Arena adds.<\/p>\n<p>From a cybercrime perspective, Russia is &#8220;leaps and bounds&#8221; ahead of other regions, which makes it an appealing collaborator. While some Russian-speaking actors are motivated by espionage, the groups in this case are purely motivated by financial gain \u2013 a goal that aligns them with North Korean attackers.&nbsp;<\/p>\n<p>Their primary focus is on organizations with lower levels of security&nbsp;\u2013&nbsp;for example, Rattray points to the attack on the Bank of Bangladesh, conducted by APT 38, an attack <a href=\"https:\/\/www.darkreading.com\/perimeter\/inside-the-north-korean-hacking-operation-behind-swift-bank-attacks--\/d\/d-id\/1332969\" target=\"_blank\" rel=\"noopener noreferrer\">group that emerged<\/a> as its own entity from the Lazarus Group. The rise of APT 38 coincided with international economic sanctions against North Korea and resulting economic pressures.<\/p>\n<p>This was one of a very large number of attacks against weak nodes in the payment system, he says. Attackers didn&#8217;t get inside the SWIFT organization but inside the people who use SWIFT to transfer major sums.<\/p>\n<p>&#8220;That&#8217;s a transformational type of risk,&#8221; he adds. &#8220;If we can&#8217;t be confident that endpoints in the SWIFT system are not going to be corrupted and move tens, if not hundreds, of millions of dollars in fraudulent transactions, people start to get worried.&#8221;&nbsp;<\/p>\n<p>Getting inside the Bank of Bangladesh, and living in there long enough to figure out how to push a fraudulent payment, is something an intelligence agency might do, Rattray points out. While he doesn&#8217;t track specific attack groups, he says collaboration with Russian-speaking actors would be a &#8220;logical evolution&#8221; for the group.<\/p>\n<p>&#8220;Lazarus Group has and will continue to use the tools and techniques necessary for the mission,&#8221; he says. &#8220;They operate like an intelligence service.&#8221; The group has proved itself highly capable, and willing, to do the highest end of bad things, and their agility in doing so is an asset.<\/p>\n<p> <span class=\"italic\">Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance &amp; Technology, where she covered financial &#8230; <a href=\"https:\/\/www.darkreading.com\/author-bio.asp?author_id=837\">View Full Bio<\/a><\/span><\/p>\n<p><strong>Recommended Reading:<\/strong><\/p>\n<p><span class=\"smaller strong red allcaps\">More Insights<\/span><\/p>\n<p>Read More <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/likely-links-emerge-between-lazarus-group-and-russian-speaking-cybercriminals-\/d\/d-id\/1338938?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Researchers examine security incidents over the past several years that seemingly connect North Korea&#8217;s Lazarus Group with Russian-speaking attackers. Read More <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/likely-links-emerge-between-lazarus-group-and-russian-speaking-cybercriminals-\/d\/d-id\/1338938?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-37167","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Likely Links Emerge Between Lazarus Group and Russian-Speaking Cybercriminals 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/likely-links-emerge-between-lazarus-group-and-russian-speaking-cybercriminals\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Likely Links Emerge Between Lazarus Group and Russian-Speaking Cybercriminals 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/likely-links-emerge-between-lazarus-group-and-russian-speaking-cybercriminals\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2020-09-16T22:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/likely-links-emerge-between-lazarus-group-and-russian-speaking-cybercriminals\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/likely-links-emerge-between-lazarus-group-and-russian-speaking-cybercriminals\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Likely Links Emerge Between Lazarus Group and Russian-Speaking Cybercriminals\",\"datePublished\":\"2020-09-16T22:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/likely-links-emerge-between-lazarus-group-and-russian-speaking-cybercriminals\\\/\"},\"wordCount\":1088,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/likely-links-emerge-between-lazarus-group-and-russian-speaking-cybercriminals\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/twimgs.com\\\/nojitter\\\/darkreading\\\/dr-logo.jpg\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/likely-links-emerge-between-lazarus-group-and-russian-speaking-cybercriminals\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/likely-links-emerge-between-lazarus-group-and-russian-speaking-cybercriminals\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/likely-links-emerge-between-lazarus-group-and-russian-speaking-cybercriminals\\\/\",\"name\":\"Likely Links Emerge Between Lazarus Group and Russian-Speaking Cybercriminals 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/likely-links-emerge-between-lazarus-group-and-russian-speaking-cybercriminals\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/likely-links-emerge-between-lazarus-group-and-russian-speaking-cybercriminals\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/twimgs.com\\\/nojitter\\\/darkreading\\\/dr-logo.jpg\",\"datePublished\":\"2020-09-16T22:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/likely-links-emerge-between-lazarus-group-and-russian-speaking-cybercriminals\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/likely-links-emerge-between-lazarus-group-and-russian-speaking-cybercriminals\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/likely-links-emerge-between-lazarus-group-and-russian-speaking-cybercriminals\\\/#primaryimage\",\"url\":\"https:\\\/\\\/twimgs.com\\\/nojitter\\\/darkreading\\\/dr-logo.jpg\",\"contentUrl\":\"https:\\\/\\\/twimgs.com\\\/nojitter\\\/darkreading\\\/dr-logo.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/likely-links-emerge-between-lazarus-group-and-russian-speaking-cybercriminals\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Likely Links Emerge Between Lazarus Group and Russian-Speaking Cybercriminals\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Likely Links Emerge Between Lazarus Group and Russian-Speaking Cybercriminals 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/likely-links-emerge-between-lazarus-group-and-russian-speaking-cybercriminals\/","og_locale":"en_US","og_type":"article","og_title":"Likely Links Emerge Between Lazarus Group and Russian-Speaking Cybercriminals 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/likely-links-emerge-between-lazarus-group-and-russian-speaking-cybercriminals\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2020-09-16T22:00:00+00:00","og_image":[{"url":"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/likely-links-emerge-between-lazarus-group-and-russian-speaking-cybercriminals\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/likely-links-emerge-between-lazarus-group-and-russian-speaking-cybercriminals\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Likely Links Emerge Between Lazarus Group and Russian-Speaking Cybercriminals","datePublished":"2020-09-16T22:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/likely-links-emerge-between-lazarus-group-and-russian-speaking-cybercriminals\/"},"wordCount":1088,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/likely-links-emerge-between-lazarus-group-and-russian-speaking-cybercriminals\/#primaryimage"},"thumbnailUrl":"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg","articleSection":["DarkReading |TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/likely-links-emerge-between-lazarus-group-and-russian-speaking-cybercriminals\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/likely-links-emerge-between-lazarus-group-and-russian-speaking-cybercriminals\/","url":"https:\/\/www.threatshub.org\/blog\/likely-links-emerge-between-lazarus-group-and-russian-speaking-cybercriminals\/","name":"Likely Links Emerge Between Lazarus Group and Russian-Speaking Cybercriminals 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/likely-links-emerge-between-lazarus-group-and-russian-speaking-cybercriminals\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/likely-links-emerge-between-lazarus-group-and-russian-speaking-cybercriminals\/#primaryimage"},"thumbnailUrl":"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg","datePublished":"2020-09-16T22:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/likely-links-emerge-between-lazarus-group-and-russian-speaking-cybercriminals\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/likely-links-emerge-between-lazarus-group-and-russian-speaking-cybercriminals\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/likely-links-emerge-between-lazarus-group-and-russian-speaking-cybercriminals\/#primaryimage","url":"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg","contentUrl":"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/likely-links-emerge-between-lazarus-group-and-russian-speaking-cybercriminals\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Likely Links Emerge Between Lazarus Group and Russian-Speaking Cybercriminals"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/37167","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=37167"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/37167\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=37167"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=37167"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=37167"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}