Lazarus
This group was dubbed Lazarus.
But, there was more. As experts dug deeper,
combing through the server logs of recent attacks, they found something even
more unexpected. An IP address connecting Lazarus to a particular nation state.
For a brief moment they had failed to cover their tracks. And the logs had
indicated that the attack servers they used had been accessed at least once
from a North Korean IP address. There was also Korean language found embedded
in the computer code. Now, it is important to note, that it is possible that
North Korea was framed, with the attackers leaving behind purportedly solid
evidence in order to mislead investigators. But, according to the majority of
cybersecurity experts, it is almost certain that North Korea was behind the
attacks. And, it wasn't just attacks on financial institutions, They were also
revealed to be responsible for many cyber terrorism and cyber espionage campaigns
against the South Korean government and various South Korean infrastructures.
Then there's the Sony Pictures hack of 2014. One of the biggest corporate breaches
in history. Lazarus had taken great exception to the plot of the film 'The Interview',
where the North Korean leader, Kim Jong Un, was targeted for assassination by the CIA.
Cinemas across the US were threatened with terrorist attacks if the film wasn't pulled.
North Korea, of course, denied any responsibility. But, it seemed fairly obvious that
this group was actively targeting known enemies of the State.