| Type | Company |
|---|---|
| Name | Andariel · Bluenoroff · Lazarus Group · Stardust Chollima · アンダリエル · |
| Alias | APT 38 · APT 45 · Andariel · Bluenoroff · Clasiopa · |
| Weak alias | APT 38 · APT-C-26 · APT38 · Appleworm · Group 77 · |
| Incorporation date | not available |
| Jurisdiction | not available |
| Country | North Korea |
| Description | North Korean cybercrime group controlled by the Reconnaissance General Bureau (RGB; KPe.031). |
| PermID | 5096757284 |
| Registration number | not available |
| Unique Entity ID | LQ4GFKZVYWN3 · N8Y9W2MA9LD5 · TGL5LMJ6PEJ7 |
| Status | Active |
| Address | Democratic People's Republic of Korea · Korea, North · North Korea · POTONGGANG DISTRICT, PYONGYANG · Potonggang District Pyongyang Korea, North · |
| Source link | home.treasury.gov · home.treasury.gov · home.treasury.gov · home.treasury.gov · home.treasury.gov · |
| Last change | Last processed | First seen |
Hidden Cobra; Office 91; Guardians of Peace; The New Romantic Cyber Army Team; Whois Hacking Team; Red Dot; Temp.Hermit; Group 77; Zinc; APT-C-26; Appleworm
Cryptocurrency addresses:
Stardust Chollima; APT 38; APT38
According to Footnote 110 (p. 50) of the UN Panel of Experts March 2019 report, Lab 110 could be the same organization as Lazarus Group: "The United States stated that Chosun Expo is 'a front company affiliated with Lab 110, one of the North Korean government's hacking organizations. That hacking group is what some private cybersecurity researchers have labeled the "Lazarus Group."'"
According to Annex 59 of the UN Panel of Experts March 2024 Report, the DPRK cyber actors BlueNoroff and TA444 have overlaps.
The Consolidated List is a list of all persons and entities who are subject to targeted financial sanctions under Australian sanctions law.
Australia · DFAT
The Consolidated Screening List (CSL) is a list of parties for which the United States Government maintains restrictions on certain exports, re-exports, or transfers of items.
United States · ITA
A database of suppliers who have been excluded from participating in US federal procurement.
United States · GSA
Entities subject to export restrictions due to concerns about the end-use or end-users, particularly relating to weapons of mass destruction (WMD) or other military applications.
Taiwan · MOEA
The Specially Designated Nationals (SDN) part of the primary United States sanctions list.
United States · OFAC
Cryptocurrency addresses connected to the $41 million theft from Stake.com, attributed to the Lazarus Group.
United States · FBI
Sanctions imposed by Japan under its Foreign Exchange and Foreign Trade Law.
Japan · MoF
A database of entities and events related to North Korea's sanctions evasion efforts.
United Kingdom · RUSI · non-official source
The record has been enriched with data from the following external databases:
Permanent Identifier (PermID) is a reference data spine offered by LSEG/Refinitiv to help create unique identifiers for organizations that are publicly listed.
External dataset · LSEG · non-official source
US OFAC press releases that provide context and details related to sanctioned entities.
External dataset · United States · OFAC
/match API function when implementing a screening system.

GET https://api.opensanctions.org/entities/NK-Xv8CnM8sgddxx7QenotGtb?nested=true
OpenSanctions is free for non-commercial users. Businesses must acquire a data license to use the dataset.
Address

| Full address | Country |
|---|---|
| Potonggang District, Pyongyang | North Korea |
| Democratic People's Republic of Korea | |

Cryptocurrency wallets

| Currency | Address |
|---|---|
| Bitcoin | bc1qqa682d2q0wtx5gfpxh4yfl9s4k00ukakl5fpk5 |
| Bitcoin | bc1qg0qygyv3qfp8cjyy99ch9vc9dp876vl8wys67u |

Documents

| Document | Date |
|---|---|
| Treasury Designates DPRK Weapons Representatives | |
| Treasury Sanctions Individuals Laundering Cryptocurrency for Lazarus Group | |

Linked from

| Subject | Role | Start date | End date |
|---|---|---|---|
| Third Bureau of the Reconnaissance General Bureau | Stardust Chollima is reported to be included in the Third Bureau of the Reconnaissance General Bureau | - | - |
| United States | TREAS-OFAC | Reciprocal | - |
| Japan | Ministry of Finance | Subject to asset freezes and other measures taken by Japan to contribute to international efforts for international peace | - |
| United States | Office of Foreign Assets Control | North Korea Sanctions | - | - |
| Australia | Department of Foreign Affairs and Trade | Democratic People's Republic Of Korea (North Korea) Sanctions Regime | - |
| Japan | Ministry of Finance | Subject to asset freezes and other measures taken by Japan to contribute to international efforts for international peace | - |
| United States | Office of Foreign Assets Control | North Korea Sanctions | - | - |
| United States | TREAS-OFAC | Reciprocal | - |
| United States | Office of Foreign Assets Control | North Korea Sanctions | - | - |
| Australia | Department of Foreign Affairs and Trade | Democratic People's Republic Of Korea (North Korea) Sanctions Regime | - |
| Potonggang District, Pyongyang Special City, North Korea | - |
| Potonggang District, Pyongyang, Democratic People's Republic of Korea | - |
| Sanctions Imposed on DPRK IT Workers Generating Revenue for the Kim Regime |
| Sanctions Imposed on DPRK IT Workers Generating Revenue for the Kim Regime |
| Treasury Sanctions Mixer Used by the DPRK to Launder Stolen Virtual Currency |
| Sanctions Imposed on DPRK IT Workers Generating Revenue for the Kim Regime |
| U.S. Treasury Issues First-Ever Sanctions on a Virtual Currency Mixer, Targets DPRK Cyber Threats |
| Treasury Sanctions North Korean State-Sponsored Malicious Cyber Groups |
| Treasury Designates Roman Semenov, Co-Founder of Sanctioned Virtual Currency Mixer Tornado Cash |
| Reconnaissance General Bureau (Export controlled · Sanctioned entity) | The Reconnaissance General Bureau oversees all North Korean cybercrime activities | - | - |
| TA444 | TA444 "overlaps" with Bluenoroff, aka Stardust Chollima | - | - |
| UNC 4899 | The entities have "overlaps" | - | - |
| Celas Ltd. | Celas is a fake shell company backed by the Lazarus group | - | - |
| Kim Hyon Woo | Kim Hyon Woo is a fake persona used by the Lazarus Group | - | - |
| JMT Trader | Linked | - | - |
| - | BlueNoroff (Stardust Chollima) is a subgroup of the Lazarus Group | - | - |
| Third Bureau of the Reconnaissance General Bureau | The Lazarus Group is reported to be included in the Third Bureau of the Reconnaissance General Bureau | - | - |
| Reconnaissance General Bureau (Export controlled · Sanctioned entity) | The Reconnaissance General Bureau oversees all North Korean cybercrime activities, Lazarus group included | - | - |
| Andariel | Andariel is a subgroup of Lazarus | - | - | |
| 110 Research Institute of the Reconnaissance General Bureau | Lazarus Group is working with or on behalf of the 110 Research Institute | - | - | |
| - | BlueNoroff (Stardust Chollima) is a subgroup of the Lazarus Group | - | - |
| Park Jin Hyok (Export controlled · Sanctioned entity) | Member | - | - |