Every day in December, we’re taking a look back at some of our favorite content of 2025. Today it’s over to benhopkins​, Cyber Security Engineer, for a dive into the murky waters of North Korean cyber espionage…

Lazarus Cyber Espionage Campaign: Analysis

This analysis outlines how North Korean cybercriminals and advanced persistent threats conduct cyber espionage operations against European targets. 

You’ll learn about Lazarus, the North Korean state-sponsored threat actor, and its tactics, techniques, and procedures (TTPs) when targeting Western nations on behalf of Pyongyang. Then, you’ll analyze a sophisticated piece of North Korean malware to identify indicators of compromise.

Why this lab?

In large organizations, cyber threat intelligence mostly focuses on Russia and China as the big players in the cyber espionage space. This lab sheds light on how the North Korean government structure works, and how it utilizes cybercriminal and nation-state employed assets to generate income in a heavily sanctioned country. 

This reverse-engineering lab will take you through Lazarus’s custom malware and cipher, along with how to detect and break it, to give you a better understanding of North Korean state-sponsored actor TTPs.

Ready to put your skills to the test? Start the lab now.