Subscribe To Our Newsletter!

Stay up to date on the top trending threats as well as the top stories in Security, Networks, Cloud, IT Ops & AIOps.

KNOW your threat actor of the week: Hidden Cobra

Hidden Cobra or "Lazarus Group" is a North Korea-based threat actor.

Post by Rajarshi Mitra Sep 02, 2020

Hidden Cobra is, by far and away, the most referenced threat actor on KNOW’s threat intel dashboard.
Let’s drill into the data on KNOW.

Who are the “Hidden Cobra”?

hidden cobra

Hidden Cobra or “Lazarus group” are a notorious threat actor from North Korea who active since 2009. While they are probably most known for the infamous Sony Pictures data breach, they are also known for – Operation Kimsuky, Magecart Campaign, HaoBao campaign, Operation AppleJeus, and Operation North Star.

Hidden Cobra has several other aliases like Guardians of Peace, ZINC, NICKEL ACADEMY, etc. The United States Federal Bureau of Investigation has labeled the group as a North Korean “state-sponsored hacking organization.”

Most infamous Hidden Cobra attacks

#1 South Korea Cyberattack

In March 2011, Hidden Cobra launched a series of attacks called “Ten Days of Rain” on specific South Korean media, financial, and critical infrastructure, consisting of sophisticated DDoS attacks. The group continued the attack on March 20, 2013, and targeted three South Korean broadcast companies, financial institutes, and an ISP.

#2 Sony Breach

On November 14, 2014, a Reddit post that stated that Sony Pictures had been hacked by a group identifying themselves as “Guardians of Peace” started showing up. The group had been stealing and leaking a large amount of the company’s data for over a year. The hackers leaked unreleased films, emails, and personal information of over 4,000 employees in the process. Researchers discovered that the group behind the attack was Hidden Cobra.

#3 Various Cryptocurrency Attacks

Around late-2017, North Korea-based groups like Hidden Cobra started a series of cryptocurrency-related attacks. As per reports, the reason behind North Korea’s interest in cryptocurrencies was to find a way to mitigate the various international financial sanctions placed on top of them.

Some examples of the group’s attacks are as follows:

  • February 2017: Stole $7 million from Bithumb, a South Korean exchange.
  • December 2017: A South Korean exchange called “Youbit” was forced to declare bankruptcy after the group robbed them of 17% of their assets.
  • December 2017: NiceHash, a crypto cloud mining company, was hacked for 4,500 BTC.

KNOW about Hidden Cobra

hidden cobra

KNOW allows you to gain a bird’s eye view and full context about the threat actor in question. This empowers you to make business-critical decisions with full context and ensure that you have everything you need to protect your organization from Hidden Cobra.

Industries affected by Hidden Cobra

  • Finance
  • Aerospace and defense
  • Manufacturing
  • Media and entertainment
  • Telecommunications
  • Banking
  • Industrial equipment
  • Hospitals
  • Aviation

Important data captured by KNOW:

  • Associated IP addresses: 20
  • Associated domains: 19
  • Hashes:85
  • URLs: 27
  • Malware: 32
  • Attack Vectors: 39

From the Twitterverse


The Lazarus Group recently targeted an employee of a #cryptocurrency exchange with a fake job offer in order to plant malware and steal virtual currency.


A new ransomware, VHD, was seen being delivered by the Lazarus group’s multiplatform malware platform, MATA.


Warning sign North Korean cyber actors are using #malware variants to carry out an ongoing ATM cash-out scheme and steal money from banking systems.

What is KNOW?

KNOW is Netenrich’s Threat Intel Platform that extracts data from billions of data points and correlates relevant intel and expert analyst insights to help you follow, search, and act—in a fraction of the time it takes now.

One of KNOW’s handiest tools is the trending threats dashboard, which gives you a bird’s eye view of the most potent malware, threat actors, methods, and vulnerabilities in the following time frames:

  • Last 7 days.
  • Last 60 days.

So, want to check out KNOW some more? Why don’t you sign up? Did we mention that it’s completely free?
Or subscribe to get daily threat intel updates.

About the Author

Rajarshi Mitra

Rajarshi is a creative and accomplished writer who made his mark in the blockchain space before stepping into cybersecurity. When he is not working, he is busy chilling with his wife and cat.

Subscribe To Our Newsletter!

The best source of information for Security, Networks, Cloud, and ITOps best practices. Join us.

Thank you for subscribing!

Related Post

Jun 28 2021

KNOW this week – Clop ransomware and Molerats resurface agai

Clop ransomware launches a series of new attacks, ...

Read More
Jun 18 2021

KNOW this week – Avaddon, Fancy Lazarus, CVE-2021-3195

Deploy a reliable endpoint detection and resolutio...

Read More
Jun 07 2021

KNOW what’s trending this week – Darkside ransomware, Sodino

There’s an increasing trend in ransomware attacks ...

Read More