Threat Actor Profile

Lazarus Group

Aliases
  • Labyrinth Chollima
  • HIDDEN COBRA
  • ZINC
  • Jade Sleet
  • Citrine Sleet
Origin
North Korea
Motivation
Espionage, Disruption, Financial theft, Cryptocurrency-focused operations
Cause
Nation State
Recent Activity

The FBI attributed the approximately $1.5 billion Bybit cryptocurrency theft from February 2025 to North Korean activity tracked as TraderTraitor, commonly associated with the broader Lazarus ecosystem.

Primary Targets
  • Sony Pictures Entertainment
  • Harmony’s Horizon Bridge
  • 3CX
  • Archblock
  • Robinhood
  • eToro
  • Bybit
  • Gemini Crypto
  • Balancer Protocol
Target Locations
  • South Korea
  • India
Target Sectors
  • Healthcare
  • Finance
  • Energy
  • Utilities
  • Media & Entertainment
  • Technology
  • Manufacturing
  • Transportation
  • Business Services
  • Consumer Goods
  • Government
  • Education

How Bitsight Helps

Understanding threat actor capabilities is only half the battle—the other half is knowing whether your organization is in their crosshairs. See how Bitsight threat intelligence helps you move from observation to action.

Request threat intel demo