The Lazarus Heist: From Hollywood to High Finance: Inside North Korea’s Global Cyber War

The bottom line

Geoff White writes the best collective history and easily accessible account of the North Korean Lazarus Group’s progress and journey into becoming the most commercially successful state business. The Lazarus Group started before crypto and cybercrime, in 1989, with counterfeit dollars. White has been covering crypto crime for over a decade. He brings his wit and intelligence to writing about crypto crime in this book, conveying to the common person what impacts us all. I recommend this book to the Hall of Fame.

As defenders, we divide our IT security stacks into areas of clear responsibilities. Where we set our boundaries, attackers seize their opportunities. Too often, defenders think like a herd of sheep, practicing so-called safety in numbers. The wolves cull the herd by taking the old and the weak.

The Lazarus Group is mindful. In their most recent heist of $1.5 billion in Ethereum from Bybit, they monitored the affected smart contract and crypto wallets and carried out test transactions for days, waiting for the maximum value.

The Lazarus Group plans months in advance. Decentralised exchanges, crypto tumblers and mixers, money-laundering infrastructure; placement, layering and integration: these all take time and investment to be ready to receive stolen funds.

The Lazarus Group has a deep understanding of the world’s financial system while not being connected to it. In the Bank of Bangladesh heist, the group’s knowledge of the SWIFT payment system was profound.

The Lazarus Group learns from its mistakes. Just the mention of the word “Jupiter” cost them over $900 million. Those not defeated in battle get better at war.

The Lazarus Group works on multiple operational levels: preparation, execution, follow-up, and, I am sure, even lessons learned. They are running multiple campaigns all the time: from Sony Pictures, WannaCry, ransomware and extortion activities, to an ATM card scam and money-muling operation worth tens of millions of dollars across 19 countries, globally coordinated across time zones, all within a window of just a few hours. It is a volume business, and business is good for them.

This book is about how a state shaped by global economic sanctions, a cultural education system and strict social control, and ostracised from the world's order, leveraged all of its capabilities (not just cyber) to become the most profitable Advanced Persistent Threat actor (APT38). As defenders, we should know that the Lazarus Group dines on any sheep that continues to underestimate them.

If you have been unfortunate enough to be targeted by the Lazarus Group, then you need to read this book for the history and understanding of their motivation. If you have not yet met the Lazarus Group, consider yourself lucky; you need to read this book before they find you and your business. If your business has money, tick-tock, it is only a matter of time.

We modeled the Cybersecurity Canon after the Rock & Roll Hall of Fame, except for cybersecurity books. Our volunteer CISOs have reviewed over 200 books on different aspects of cybersecurity to offer a curated list of must-read, timeless books for all professionals involved in cybersecurity.

The Cybersecurity Canon project is a non-profit organization. We invite everybody to join the community and contribute. You can nominate your favorite cybersecurity books and even join the team that writes reviews.
