The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Lazarus Expands Financial Espionage Operations With Memory-Resident RemotePE RAT

May 29, 2026 3:21:34 PM / by The Hivemind posted in Threat Bulletin, Lazarus Group, RemotePE, RemotePELoader, North Korea cyber threat, cryptocurrency malware, DPAPILoader

Verticals Targeted: Financial, Cryptocurrency
Related Threat Actors: Lazarus
Related Families: DPAPILoader, RemotePELoader, RemotePE

Executive Summary

Researchers identified a sophisticated Lazarus-linked malware ecosystem composed of DPAPILoader, RemotePELoader, and RemotePE, a chained toolset designed for stealth, persistence, and long-term access in high-value financial and cryptocurrency environments. The malware leverages DPAPI-based environmental keying, direct syscall techniques, ETW suppression, and memory-only payload execution to minimize forensic visibility and evade modern endpoint defenses.

The Bybit Hack: How the $1.5B Windfall Could Fuel a Surge in Cybercrime

Mar 4, 2025 10:39:08 AM / by Blake Reyes posted in Lazarus Group, Cryptocurrency, Bybit

The recent $1.5 billion hack of Bybit, allegedly orchestrated by the Lazarus Group, has sent shockwaves through the cryptocurrency industry. While this North Korean state-sponsored hacking group has a well-documented history of targeting crypto exchanges, the size of this breach sets a new precedent. Beyond the immediate financial impact, this incident raises serious concerns about how Lazarus will leverage these stolen funds in the future, from within the crypto space to their broader cybercriminal activities.

Lazarus Group Targets Crypto With TraderTraitor

Apr 25, 2022 11:26:42 AM / by PolySwarm Tech Team posted in Threat Bulletin, North Korea, Lazarus Group, TraderTraitor, Cryptocurrency

Background

CISA, FBI, and the US Treasury Department recently released a joint advisory on TraderTraitor, a Lazarus Group campaign targeting blockchain companies.
