North Korea has several notorious hacker groups that have been linked to cyberattacks worldwide. The most well-known ones include:

### 1. [[Lazarus Group (APT38)]]

- **Most Famous For:** The 2014 Sony Pictures hack, WannaCry ransomware attack (2017), and various bank heists, including the $81M Bangladesh Bank heist.
- **Tactics:** Cyber espionage, financial theft, and destructive malware.
- **Targets:** Governments, banks, cryptocurrency exchanges, and major corporations.

### 2. [[APT37 (Reaper)]]

- **Most Famous For:** Targeting South Korea, journalists, defectors, and government agencies.
- **Tactics:** Cyber espionage, zero-day exploits, and surveillance.
- **Targets:** Primarily South Korea, but also other international entities.

### 3. [[APT38]]

- **Most Famous For:** Large-scale financial heists, particularly targeting SWIFT banking systems.
- **Tactics:** Banking malware, financial fraud, and hacking financial institutions.
- **Targets:** Banks, financial services, and crypto exchanges.

### 4. [[Kimsuky]]

- **Most Famous For:** Spying on South Korean government and think tanks, nuclear policy experts.
- **Tactics:** Spear phishing, malware, and intelligence gathering.
- **Targets:** Political organizations, journalists, academics, and government entities.

### 5. [[Andariel]]

- **Most Famous For:** Cyberattacks on South Korean military and infrastructure.
- **Tactics:** Cyber espionage, ransomware, and financial fraud.
- **Targets:** South Korean military, financial institutions, and corporations.

All of these groups operate under North Korea’s **Reconnaissance General Bureau (RGB)**, the country’s primary intelligence agency. Their activities focus on espionage, financial theft to fund the regime, and cyber warfare.