North Korean Hacker Group Strikes Amidst Growing Conflict

Audrey Han — April 14, 2026

As the global stage grows increasingly digitalized, North Korea has emerged with a task force, the Lazarus Group, to conduct international cyberattacks. Starting in 2009, the group began robbing banks and hacking cryptocurrency exchanges to generate revenue for the state, using cybercrime as one of the many ways the regime boosts its economy. Since then, it has gained international notoriety by attacking Sony Pictures, the Central Bank of Bangladesh and even the national health services in the United Kingdom. However, unlike many other global cyberterrorism threats, this group is unique in that it’s backed by North Korean government officials.

While the group was developed on the general premise of cyberattacks, in 2025 it began targeting the defense, aerospace and cryptocurrency sectors for both heightened monetary gains and strategic espionage. Linked to many subgroups like BlueNoroff, Labyrinth Chollima, APT38 and UNC1069, Lazarus has been responsible for many major crypto thefts. These include the Bybit heist, where a record $1.5 billion was stolen. The group has also targeted many South Korean defense and biotech agencies. Additionally, the group seems to have taken an interest in many of today's conflicts, including the Russian-Ukrainian war. In October 2025, a scheme dubbed Operation Dreamjob began, with many Lazarus agents targeting European defense and UAV firms through fake job offers sent to employees and open-source software that was revealed to contain Trojan viruses. At least two of the three companies targeted were tied to critical drone component supply chains, with all three active in the defense sector. Since the start of the Russian-Ukrainian conflict, drone warfare has advanced significantly. With North Korea’s developing interference, the Lazarus Group has since been instructed to steal proprietary technology and intelligence on unmanned aerial vehicles. Essentially serving as a shortcut, the information gained drives North Korea forward on a global stage despite severe trade and diplomatic restrictions on its technological and military development.

Recently, the group has struck again, gaining access to the account of a software developer who manages an open-source software package called Axios. Axios is used by thousands of American companies to manage and build their websites, notably many cryptocurrency firms, as well as companies in the healthcare and finance sectors. Lazarus also targeted Drift Protocols, a leading decentralized exchange (DEX) that was built on the Solana blockchain. The Solana blockchain is one of the fastest and most scalable blockchains for cryptocurrency, achieving over 2,700 transactions per second with the help of Drift Protocols, making it a notable target for money-hungry North Korean hackers. After the attack, it was reported that Lazarus drained over $285 million in user assets. This attack came after Drift Protocols began a security platform migration, which caused a malware detection delay and left an exploitable gap for Lazarus to take advantage of.

The motive behind the group's actions remains clear. As a heavily sanctioned nation, North Korea cannot rely on banking or trade as a source of foreign currency. Most recently, the use of the funds has expanded beyond just feeding the people. It has been discovered that North Korea has used new intelligence to develop nuclear-powered submarines, satellites and other high-tech military projects. These attacks preceded North Korea’s recent weapons test, which included ballistic missiles armed with cluster-bomb warheads. In general, the enhanced rate of attacks on U.S. cryptocurrency firms indicates a greater need for funding, which aligns with the rapid development of North Korea’s weapons of mass destruction (WMD) program. Around half of North Korea’s missile program has been estimated to be funded by digital heists and robberies.

In the meantime, experts have reported that it would take months to assess the impact of a hack, demonstrating the growing danger of the group. Many companies weren’t even aware they were hacked, and as companies slowly realize it, the monetary and security toll is expected to be much higher.
