Who documents this group
The group known as Lazarus (one of its subgroups is identified as "TraderTraitor") is jointly tracked by several US agencies and security firms, with named, dated public advisories — not rumors.
The method: infiltrate, not just hack
What sets this arm of the group apart is that it doesn't just attack from the outside: operators get hired as real employees or contractors — fake resumes, fake identities, successfully passed interviews — to gain legitimate access to the company's systems. Once inside, they can siphon funds, steal intellectual property, or install malicious tools.
Why this case matters, even without a direct link to your inbox
Most scams an individual receives have no direct link to this particular group. But this case illustrates how structured organized fraud has become: no longer isolated individuals, but networks with documented methods that later spread into more common scams — fake recruiters, social engineering, fake profiles.
Frequently asked questions
Who documents the Lazarus group's activities?
Named public and private bodies: the FBI, CISA and the US Treasury (joint advisory), the US Department of Justice (seizures), plus Microsoft and Google Threat Intelligence / Mandiant on the company-infiltration side.
How does this group get into real companies?
By posing as remote developers or freelance contractors, with fake profiles and fake identities, to gain legitimate access to the hiring company's systems.
What's the link to the scams an individual receives?
No direct link for most victims of ordinary cold-calling or phishing — but this case illustrates just how structured organized fraud has become as an industry, with techniques (social engineering, fake profiles) that later filter down into more common scams.