Now the group continues to be a thorn in the side of organisations across the globe as banks in 31 countries have been targeted in a new wave of attacks by Lazarus that began in October last year.
This latest wave of attacks came to light when a Polish bank discovered previously unknown malware on its network and shared indicators of compromise with other institutions, a number of which also found they'd fallen victim to the malware.
The source of the attack is suspected to have been the website of the Polish financial regulator, which was compromised by hackers who used a watering hole attack to redirect visitors to an exploit kit. The exploit kit infected only specific targets: it was instructed to infect only visitors from around 150 different IP addresses.
While the targets are mostly banks, a small number of telecommunications and internet firms have also been targeted by this malware scheme, which takes aim at 104 organisations in 31 countries. Banks in Poland and the United States are the most targeted by Lazarus in this attack, which also hit a number of banks in Central and South America.
The malware used in the latest attacks was previously unidentified, but researchers at Symantec have analysed the malicious software and have discovered that the code shares common traits with the Lazarus group.