Two of the most active state-linked cybercrime groups—the Russian outfit Gamaredon and North Korea’s Lazarus collective—have been found to be using shared resources, according to new research published on Thursday, November 21.
Analysts at Gen Digital identified overlapping techniques and common infrastructure used by both groups.
The discovery is “unprecedented,” said Michal Salat, Gen Digital’s director of cyberthreat analysis. “I don’t recall instances of two countries cooperating in Advanced Persistent Threat attacks,” he said, referring to complex, long-running operations typically conducted by state-linked actors.
If confirmed, the findings would mark a new level of coordination between Moscow and Pyongyang.
Gamaredon is believed to be linked to Russia’s Federal Security Service and has aggressively targeted Ukrainian government networks since the invasion began in 2022, largely for intelligence collection. Lazarus, a well-known North Korean hacking outfit, conducts both espionage and financially motivated cybercrime.
While tracking Gamaredon’s use of Telegram channels to circulate the addresses of servers controlling its malware, analysts found that one of those servers was simultaneously being used by Lazarus. On another server operated by Gamaredon, researchers uncovered a hidden variant of malware associated with Lazarus. The file closely matched Lazarus’s typical tools. Nation-state hacking groups rarely host or distribute one another’s malicious code.
Experts say these overlaps indicate that both groups are likely drawing on shared resources and may well be cooperating directly. At a minimum, they suggest one group is deliberately imitating the other.
Salat added that Gamaredon may also be studying Lazarus’s methods. Lazarus is known for luring victims with fake job offers and stealing cryptocurrency—a key source of revenue for North Korea, which is under heavy international sanctions.
Moscow and Pyongyang have expanded their cooperation in recent years, including in the military sphere. Western intelligence services believe North Korea has sent thousands of troops to Russia to support the war against Ukraine. Ukrainian officials said last month that North Korean soldiers had launched drones across the border, and Ukraine’s military intelligence reported last week that Pyongyang plans to send thousands of workers to Russia to help manufacture drones.