Yesterday, newly published analysis from the security firm Intel 471 uncovered links between North Korea’s Lazarus Group and Russian-speaking cybercriminals. The report pinpoints links between the two organizations by examining years of security incidents. The conclusion, however, depends on two popular and generally accepted assumptions: that the TrickBot, TA505, and Dridex malware variants are connected to Russian-speaking threat actors and that Lazarus Group has evident ties with North Korea.
The report concludes that North Korean attackers are active in the cybercriminal underground, maintaining relationships with Russian actors of similar strength and sophistication. According to Intel 471, the malware used and written by North Korean attackers was very likely distributed using network accesses held by the Russian-speaking cyberattackers. The clear link between TrickBot and its operators selling access to financial institutions to the North Koreans may also offer insight into Lazarus’s status and reputation on the underground cybercriminal platforms.
Read More: Likely Links Emerge Between Lazarus Group and Russian-Speaking Cybercriminals