Researchers from Kaspersky Lab and AlienVault, another vendor who contributed to the research, disclosed some of their findings during the Kaspersky Analyst Summit earlier this month. AlienVault also published a blog post with additional information Wednesday.
The fact that many of the group's targets were located in South Korea reinforces the possibility that Lazarus serves North Korean interests. The group is also known to have exploited zero-day vulnerabilities in a word processor called Hangul that's mainly used in South Korea.
Some of the attacks linked to the Lazarus group are: the July 2009 DDoS attacks against major government, news media, and financial websites in South Korea and the U.S.; the March 2011 Ten Days of Rain attacks against South Korean media, financial, and critical infrastructure targets; and the March 2013 Operation DarkSeoul, which used malware to wipe the hard drives of several banks and TV broadcasters in South Korea.
The research effort into the Lazarus Group has been dubbed Operation Blockbuster. A special website has been set up to host the full report, as well as other resources that can help companies learn about this group and defend their networks against it.
Other organizations that participated in the coalition are: Symantec, Invincea, ThreatConnect, Volexity, PunchCyber, Trend Micro, RiskIQ, Carbon Black, JPCERT/CC and NetRisk.