GITNUXREPORT 2026

Lazarus Group Statistics

The Lazarus Group has orchestrated major financial and cryptocurrency attacks worldwide, causing large-scale thefts and damages.

Rajesh Patel


Team Lead & Senior Researcher with over 15 years of experience in market research and data analytics.

First published: Feb 24, 2026


Ever heard of the Lazarus Group, the shadowy cyber threat actor behind the 2014 Sony Pictures hack, the 2017 WannaCry ransomware attack, and the 2022 Ronin Network heist that stole $625 million? If not, this blog post is for you: it unpacks the group’s 15+ year history of attacking banks, governments, crypto platforms, and even healthcare, with staggering statistics—from $81 million stolen from the Bangladesh Central Bank to $1 billion in combined crypto heists—and techniques, including ransomware, wiper malware, and social engineering, revealing just how far-reaching and devastating its operations have been.

Key Takeaways

  • The Lazarus Group orchestrated the Sony Pictures Entertainment hack in November 2014, leaking over 100 terabytes of data including unreleased films and executive emails.
  • Lazarus conducted Operation Troy DDoS attacks against South Korean targets starting in 2011.
  • In 2013, Lazarus executed the DarkSeoul attacks destroying 32,000 hard drives at South Korean banks and media companies.
  • The Sony hack resulted in $100 million in damages and lost revenue for Sony Pictures.
  • WannaCry caused global economic losses estimated at $4 billion to $8 billion.
  • Bangladesh Bank heist netted Lazarus $81 million successfully transferred.
  • Lazarus Group primarily targets financial institutions, governments, and crypto platforms worldwide.
  • South Korea has been hit by over 20 Lazarus campaigns since 2011.
  • US entities, including Sony and crypto firms, comprise 15% of known Lazarus victims.
  • Lazarus deploys WannaCry ransomware using ETERNALBLUE exploit (CVE-2017-0144).
  • Group uses custom malware families like DESTOVER wiper in DarkSeoul.
  • SWIFT-compromising malware used in Bangladesh heist called evtdiag.exe.
  • US Government attributes Lazarus to Reconnaissance General Bureau since 2017.
  • FireEye's 2016 report first publicly linked Lazarus to North Korea.
  • MITRE ATT&CK profiles Lazarus as G0032 with 50+ techniques.


Attacks and Incidents

  • The Lazarus Group orchestrated the Sony Pictures Entertainment hack in November 2014, leaking over 100 terabytes of data including unreleased films and executive emails.
  • Lazarus conducted Operation Troy DDoS attacks against South Korean targets starting in 2011.
  • In 2013, Lazarus executed the DarkSeoul attacks destroying 32,000 hard drives at South Korean banks and media companies.
  • The WannaCry ransomware attack attributed to Lazarus infected over 200,000 computers in 150 countries in May 2017.
  • Lazarus hackers stole $81 million from Bangladesh Central Bank via SWIFT network in February 2016.
  • Operation Blockbuster by FireEye linked Lazarus to 11 malware families used in attacks from 2006 to 2016.
  • Lazarus targeted Vietnam Airlines in 2016, stealing 400,000 payment card details.
  • In 2017, Lazarus hit a Polish bank, attempting to steal $1 million via malware.
  • Lazarus conducted cryptocurrency theft from Youbit exchange in South Korea in December 2017, stealing 17% of funds.
  • The group launched the FASTCash campaign targeting ATM networks in 2017.
  • Lazarus stole $625 million from Ronin Network (Axie Infinity) in March 2022.
  • In June 2022, Lazarus compromised Harmony Horizon Bridge for $100 million in crypto.
  • Operation Dream Job saw Lazarus phishing LinkedIn users for crypto jobs in 2022.
  • Lazarus targeted Atomic Wallet users in June 2023, stealing $100 million.
  • The group hit CoinsPaid in July 2023 for $37.3 million.
  • Lazarus stole $41 million from Alphapo in July 2023.
  • TraderTraitor campaign by Lazarus stole $152 million from crypto traders in 2023.
  • In 2014, Lazarus wiped data from South Korean nuclear plant systems.
  • Lazarus used spear-phishing in the 2016 DNC hack precursor activities.
  • The group conducted attacks on cryptocurrency exchanges in 2018, stealing from Bithumb.
  • Lazarus linked to 2020 KuCoin hack of $280 million.
  • In 2021, Lazarus stole from Poly Network $611 million (mostly returned).
  • Operation AppleJeus involved macOS malware for crypto theft starting 2018.
  • Lazarus hit Indian banks in 2017 as part of BlueNoroff campaign.
  • Lazarus Group formed around 2009, active in 70+ countries.
  • Bluenoroff subgroup focused on financial theft since 2015.
  • Andariel subgroup targets South Korean defense since 2021.
  • 2023 CoinsPaid attack used social engineering on helpdesk.

Attacks and Incidents Interpretation

Since emerging around 2009, the Lazarus Group, with subgroups like the financial-focused Bluenoroff and the defense-targeting Andariel, has carried out a staggering array of attacks across 70+ countries. In 2014 it leaked over 100 terabytes of Sony Pictures content and wiped data from South Korean nuclear plants; in 2017 it deployed WannaCry ransomware, which infected 200,000 systems in 150 countries. It stole $81 million from Bangladesh's central bank via SWIFT in 2016 and $625 million from the Ronin Network in 2022, and hit exchanges like CoinsPaid and Atomic Wallet for hundreds of millions more. Throughout, it has evolved tactics such as spear-phishing, macOS malware, and social engineering on helpdesks to stay one step ahead, a testament to its adaptability and global reach.

Attribution and Analysis

  • US Government attributes Lazarus to Reconnaissance General Bureau since 2017.
  • FireEye's 2016 report first publicly linked Lazarus to North Korea.
  • MITRE ATT&CK profiles Lazarus as G0032 with 50+ techniques.
  • CrowdStrike names Lazarus as top threat actor in 2023 reports.
  • Chainalysis tracks $600M+ Lazarus crypto thefts since 2022.
  • UN Panel of Experts links Lazarus to 50% of DPRK cyber revenue.
  • FBI indicted Park Jin Hyok in 2018 for Sony and WannaCry.
  • Microsoft Threat Intelligence tracks 9 Lazarus clusters.
  • Mandiant attributes Bluenoroff subgroup to financial ops.
  • Operation Blockbuster by FireEye dismantled Lazarus infrastructure.
  • Symantec confirms Lazarus use of HermitSpy in Middle East.
  • Recorded Future links Lazarus to 170+ domains in 2023.
  • NSA leaked tools like ETERNALBLUE tied to Lazarus exploits.
  • UK NCSC attributes WannaCry directly to Lazarus.
  • Over 80 sanctions by US Treasury on Lazarus members and entities.
  • ESET discovers BluStealer linked to Lazarus in 2023.
  • Google TAG observes Lazarus targeting aerospace/defense.
  • FBI warns of 300% rise in Lazarus crypto activity in 2023.
  • Kaspersky attributes Operation In(ter)ception to Lazarus.
  • Cisco Talos tracks MagicRAT updates by Lazarus.
  • DHS/FBI joint advisory on FASTCash in 2018.
  • SWIFT's customer security programme triggered by Lazarus attacks.
  • CISA adds Lazarus indicators to known exploited catalog.
  • Interpol issues red notices for 11 Lazarus members.

Attribution and Analysis Interpretation

FireEye first publicly linked the Lazarus Group to North Korea in 2016, and the U.S. Government has since attributed it to the Reconnaissance General Bureau. Since then, this cyber actor has emerged as one of the most prolific, versatile, and impactful threats: MITRE details 50+ attack techniques, Chainalysis tracks $600M+ in crypto thefts since 2022, the UN cites it for half of North Korea's cyber revenue, and it is tied to high-profile incidents like Sony and WannaCry and to the use of tools such as ETERNALBLUE. It has also faced over 80 U.S. sanctions and Interpol red notices, and showed a 300% spike in 2023 crypto activity. Subgroups like Bluenoroff and HermitSpy target financial, aerospace, and defense sectors (with tools like MagicRAT and BluStealer), Microsoft tracks 9 clusters, and Kaspersky attributes Operation In(ter)ception to it. It nevertheless remains CrowdStrike's top threat actor in 2023, a testament to its enduring reach and sophistication.

Financial Losses

  • The Sony hack resulted in $100 million in damages and lost revenue for Sony Pictures.
  • WannaCry caused global economic losses estimated at $4 billion to $8 billion.
  • Bangladesh Bank heist netted Lazarus $81 million successfully transferred.
  • Ronin Network hack led to $625 million stolen in Ethereum and USDC.
  • Harmony Horizon Bridge theft amounted to $100 million in multiple tokens.
  • Atomic Wallet hack attributed to Lazarus resulted in $100 million losses.
  • CoinsPaid ransomware attack by Lazarus stole $37.3 million in Bitcoin.
  • Alphapo (Safe) wallet losses from Lazarus reached $41 million in July 2023.
  • Youbit exchange lost 17% of its assets, approximately $6 million, to Lazarus.
  • Bithumb hack in 2018 linked to Lazarus caused $31 million in losses.
  • KuCoin 2020 hack stole $280 million, with Lazarus laundering portions.
  • Poly Network exploit of $611 million, Lazarus suspected in orchestration.
  • Vietnam Airlines lost revenue from stolen 400,000 cards, estimated $10 million impact.
  • Polish bank attack attempted $1 million theft, causing operational downtime costs.
  • DarkSeoul attacks cost South Korean banks millions in recovery.
  • Overall, Lazarus crypto thefts from July 2023 to July 2024 exceeded $200 million.
  • FASTCash campaign enabled $1 million+ ATM cashouts across multiple countries.
  • Operation Blockbuster linked Lazarus to attacks costing victims hundreds of millions.
  • North Korean hackers, including Lazarus, stole $3 billion in crypto since 2017.
  • TraderTraitor stole $152 million from individual traders using fake apps.
  • Sony Pictures incurred $35 million in IT recovery costs alone.
  • WannaCry hit UK's NHS for £92 million in losses.
  • Lazarus-linked attacks on Indian banks prevented larger losses but cost millions in defenses.
  • Bithumb hack led to $18 million immediate loss after 35% token drop.

Financial Losses Interpretation

Over the past decade, the Lazarus Group, often tied to North Korea, has run a relentless global cyber campaign. Its damage ranges from $35 million in IT recovery costs for Sony Pictures and £92 million in losses at the UK's NHS (via WannaCry) to over $3 billion in crypto siphoned since 2017 (including the $81 million Bangladesh Bank heist, $625 million from the Ronin Network, and $100 million from the Harmony Horizon Bridge). It has also hit smaller but costly targets: stealing $41 million from Safe in July 2023, attempting to steal $1 million from a Polish bank, and inflicting millions in recovery costs on South Korean banks through DarkSeoul. The threat spans industries, scales, and continents, leaving billions in financial damage, disrupted services, and a constant need for adaptive defense against its evolving tactics.

Malware and Tools

  • Lazarus deploys WannaCry ransomware using ETERNALBLUE exploit (CVE-2017-0144).
  • Group uses custom malware families like DESTOVER wiper in DarkSeoul.
  • SWIFT-compromising malware used in Bangladesh heist called evtdiag.exe.
  • Operation Blockbuster revealed 11 Lazarus malware families including SHIPSHAPE RAT.
  • AppleJeus macOS malware masquerades as crypto trading apps.
  • FASTCash malware targets ATM SWIFT POS systems for cashouts.
  • TraderTraitor uses Android malware like DeFiWalletFake for keylogging.
  • WannaCry exploits SMBv1 vulnerability with DOUBLEPULSAR backdoor.
  • Group employs spear-phishing with malicious Office docs exploiting CVE-2017-0199.
  • Custom RATs like LIGHTLESSSKY used in crypto exchange intrusions.
  • Operation Dream Job uses LinkedIn lures with Google Drive-hosted malware.
  • Lazarus uses Manuscrypt backdoor in multiple campaigns.
  • Tools include Mimikatz for credential dumping post-exploitation.
  • Cobalt Strike beacons repurposed for C2 in recent ops.
  • BrowserGood extension malware steals crypto wallet data.
  • LazariKey ransomware deployed against non-crypto targets.
  • Group leverages Tor for C2 and laundering via mixers.
  • Custom loaders like Rc4Aes dropper used in Atomic Wallet.
  • PowerShell-based loaders for initial access in banking ops.
  • Wiper malware variants evolve from Shamoon influences.
  • Nestead agent for persistence in Linux environments.

Malware and Tools Interpretation

The Lazarus Group is a cyber threat actor with a strikingly varied and ever-adapting toolkit. It includes the WannaCry ransomware (exploiting the EternalBlue SMBv1 vulnerability with the DoublePulsar backdoor), custom wiper malware like DESTOVER in DarkSeoul, and evtdiag.exe, used against SWIFT systems in the Bangladesh heist. AppleJeus masquerades as macOS crypto-trading apps, FASTCash targets ATMs and POS systems, and the TraderTraitor campaign uses Android keylogging malware such as DeFiWalletFake. The group also uses spear-phishing with malicious Office docs (exploiting CVE-2017-0199), custom RATs like LIGHTLESSSKY for crypto exchange intrusions, the Manuscrypt backdoor, credential-dumping tools like Mimikatz, repurposed Cobalt Strike beacons, the BrowserGood extension for crypto wallet theft, the LazariKey ransomware for non-crypto targets, and Tor with mixers for C2 and laundering. Rounding out the set are loaders like Rc4Aes (for Atomic Wallet) and PowerShell (in banking operations), wiper malware evolved from Shamoon, and the Nestead agent for Linux persistence.

Victims and Targets

  • Lazarus Group primarily targets financial institutions, governments, and crypto platforms worldwide.
  • South Korea has been hit by over 20 Lazarus campaigns since 2011.
  • US entities, including Sony and crypto firms, comprise 15% of known Lazarus victims.
  • Bangladesh Central Bank was a key victim in SWIFT hacks affecting 5 banks total.
  • Vietnam Airlines and other Asian carriers targeted for payment data.
  • Ronin Network, supporting Axie Infinity game with 2.5 million users, was breached.
  • Harmony blockchain's Horizon Bridge served DeFi users across 10+ chains.
  • Atomic Wallet had 2 million+ users affected by the malware campaign.
  • CoinsPaid, servicing 500k+ users, lost funds from hot wallets.
  • 35+ cryptocurrency exchanges targeted by Lazarus since 2016.
  • South Korean government and military networks attacked in DarkSeoul.
  • Democratic National Committee servers probed by Lazarus actors.
  • Polish financial regulator and banks targeted in 2017.
  • Indian banks like Cosmos received malware implants.
  • NHS England hospitals disrupted, affecting 80 trusts.
  • Global manufacturing like FedEx and Telefónica hit by WannaCry.
  • Crypto platforms like ByBit and Stake.com investigated as Lazarus targets.
  • Over 10 Middle Eastern banks probed in FASTCash operations.
  • Gaming firms like Sky Mavis (Axie) represent emerging DeFi targets.
  • Youbit and Bithumb represent 2 of 5 major South Korean exchange victims.

Victims and Targets Interpretation

Widely feared and prolific, the Lazarus Group has been a global cyber troublemaker since 2011, hitting financial institutions, governments, and crypto platforms. Its targets include South Korea (over 20 campaigns), over 35 cryptocurrency exchanges since 2016, the Bangladesh Central Bank (via SWIFT hacks affecting 5 banks), Sony, Vietnam Airlines (for payment data), Ronin Network (2.5 million users), Harmony's Horizon Bridge, Atomic Wallet (2 million+ users), and CoinsPaid (500k+ users). They also include exchanges like ByBit and Stake.com, South Korea's Youbit and Bithumb, the Democratic National Committee servers, Polish financial regulators and banks (2017), Indian banks like Cosmos, NHS England (80 trusts), FedEx and Telefónica (via WannaCry), and over 10 Middle Eastern banks (via FASTCash). No sector or region is entirely safe from its digital raids.
