Just imagine: a mysterious team of hackers, backed by a rogue state, slips into the systems of a major bank like ghosts in the night and steals nearly a billion dollars without firing a shot. It’s not a movie plot; it’s the real story of North Korea’s Reconnaissance General Bureau (RGB) and its elite hacking unit, the Lazarus Group. Also tracked as APT38, the group was created by the government between 2005 and 2009 to target banks and companies around the world. Their motive? Stealing money to fund the isolated regime. The biggest incident is the 2016 cyber attack on Bangladesh Bank, one of the largest digital thefts ever. The hackers tried to steal $951 million, and although they didn’t get all of it, the attack exposed major weaknesses in global finance. Let’s walk through how it happened, step by step.
The Lazarus Group did not form overnight. North Korea’s RGB built this hacking squad in the mid-2000s to steal money from other countries. They target banks, companies and even entertainment giants, and have made billions of dollars. The group deliberately stays hidden and plants clues that pin its crimes on others.
APT 38’s inception and mission
Lazarus was built between 2005 and 2009. The RGB created it as a tool for financial attacks. Its main job is to break into systems and steal funds to meet North Korea’s needs, such as weapons or luxury items for its leaders.
In 2013, they scored their first major success at Sonali Bank in Bangladesh. The thieves took about $60,000, far less than in later heists, but it showed their motive. APT38, the name under which the group is tracked, has been linked to attacks on 16 organizations across 13 countries, in places like Vietnam, Mexico, the Philippines and Bangladesh. Every attack strengthens their identity as state-linked cyber criminals.
Modus operandi (MO)
Lazarus plans attacks for months or years. They choose a target, create custom malware, and deploy it quietly. Tools like the Dridex malware let them penetrate deep into a network without leaving a trace.
After a theft, they leave false evidence, clues that point to rivals such as Russia or China. That complicates matters for police and investigators. A key operator, Park Jin Hyok, is credited with much of this work. He is accused of the 2014 Sony Pictures hack and the WannaCry worm that hit millions of computers in 2017. Under Kim Jong-un’s supervision, Park runs operations that mix technical skill with big risks. Their methods keep changing, which makes them hard to catch.
Bangladesh Bank looked like a good target: it was connected to the global network, but it was not very hard to hack. Lazarus had noticed it early on. They spent more than a year preparing, making patience their strength.
First phishing attack (January 2015)
It all started with a simple email in January 2015. Posing as a job application from one “Rusel Alam”, it landed in the inbox of staff at the Dhaka headquarters. An employee opened the attached CV, unaware that it carried the Dridex malware.
That one click opened the door. The malware infected the computers, giving the hackers full access to bank terminals. They moved like insiders, avoiding alarms. From there they mapped the network and looked for weak spots.
Four months mapping the SWIFT system
SWIFT is the backbone for large money transfers between banks around the world. Thousands of institutions use it for transfers worth vast sums. Lazarus had to master it to pull off a major theft.
For four months they quietly gathered data. They studied how staff handled transfers: who approved what, when, and where the funds went. Then a second malware attack came in early 2016. It stole real login credentials, letting the hackers act as genuine users. No red flag was raised; their fake activity looked exactly like normal bank work.
Timing was everything in this plan. The hackers chose a Thursday in February so that holidays and weekends would line up across different time zones, giving them several days to vanish with the loot.
A four-day window of opportunity (February 4-8, 2016)
Launch day was Thursday, February 4, 2016. Friday and Saturday are the weekend in Bangladesh, so the office closed almost immediately. The Federal Reserve Bank of New York is closed on Saturday and Sunday, delaying clearing.
In Manila, Monday, February 8 was Chinese New Year, so no one was at work. This gap gave four to five days of cover, during which the hackers could move cash without anyone noticing. Smart, right? They turned the world’s clocks into an accomplice.
First, they knocked out an essential safeguard. On the 10th floor, a printer in the budget department was printing transaction slips in real time. Connected to the system, it was the paper trail of every SWIFT move. Around 8:30 pm the hackers crashed its software; it would not start even when the button was pressed. Staff dismissed it as a minor glitch that could be fixed after the weekend.
The $951 million transfer requests
At 8:36 pm the doors opened. The hackers sent 35 fake SWIFT messages to the New York Fed, asking to empty Bangladesh Bank’s entire $951 million account, down to the last penny.
These requests were meant to route funds to fake recipients. Not all succeeded. Fed systems spotted the strange name “Jupiter” in five of them; Jupiter matched a blacklisted Iranian tanker, so alarms went off. Those were sent for manual review and blocked. The rest moved quickly.
Five of the 35 attempts succeeded, and $101 million vanished within hours. Thanks to some mistakes and obstacles, part of the money was returned. The rest disappeared into a maze of exchanges and casinos.
$101 million in success and instant failures
The five successful requests moved a total of $101 million. One was a $20 million transfer to the Shalika Foundation, a charity in Sri Lanka. The hackers misspelled it, writing “Shalaka” instead of “Shalika”.
Fed staff caught it during checks. They reversed the transfer and sent the $20 million back to Bangladesh. That sharp eye saved that portion. That left $81 million in play, heading to the Philippines.
Laundering the remaining $81 million in the Philippines
The $81 million landed in four accounts at RCBC Bank’s Jupiter Street branch in Manila. These accounts, opened a year earlier with fake IDs and near-identical job details, should have looked suspicious. At the time, no one paid attention to them.
The cash was converted into pesos through local firms and then deposited back into the banking system. It was all done by February 6. Local accomplices handled this stage, keeping the hackers at a distance. From there it was split: some to casinos, some abroad.
The casino funnel: hiding the money trail
Philippine casinos such as Solaire Resort and Midas were the next stop. The rules there exempted casinos from strict anti-money-laundering checks. $50 million was turned into chips for games like baccarat, a fast, high-stakes card game popular in Asia.
Players poured large sums into private rooms, mixing stolen cash with real bets. Win or lose, it didn’t matter; the trail went blurry. A Chinese junket boss, Xu Weikang, took the remaining $31 million to Macau on a private jet. Macau has deep ties to North Korea, so that cash may well have reached the regime. The rest of the money was gambled away in the casinos over a week of play.
The discovery hit like a bomb. A staff member rebooted the printer on Saturday, February 6. It came back up and spat out the red flags: 35 requests totaling $951 million.
Revealing and early recovery efforts
Bin Hooda, an alert team member, arrived early on Friday but found nothing printed. He tried again on Saturday with IT’s help. The receipts revealed the hack. Panic broke out: they had lost more than $100 million.
Bank leaders called in Rakesh Asthana, a cyber expert from the U.S. firm World Informatics. His team traced the fake SWIFT messages to insider-level access. Bangladesh pressed for a court order to freeze the funds in Manila. When the court documents leaked, the media put the story in front of everyone. In the Philippines, investigators recovered some cash: $6 million from junket operator Kim Wong. But the casinos resisted tracing, citing gamblers’ privacy.
Legal consequences and final charges
RCBC Bank was accused of lax checks. Bangladesh sued it in a U.S. court in 2019; the case dragged on until 2024. An RCBC manager, Santos Legarto, was jailed for helping with the scheme.
Bank governor Atiur Rahman resigned in disgrace. The FBI joined by 2018 and charged Park Jin Hyok. The patterns matched Lazarus: traces of Korean-language code and links to previous attacks such as Sony. This confirmed North Korea’s role.
The Bangladesh Bank theft is the biggest, most audacious cyber heist ever. Lazarus netted $81 million, of which $63 million is still missing, sent to casinos or Macau. Only the $20 million returned from Sri Lanka and a total of $18 million were recovered. It shows how state hackers exploit weak links.
Banks need backups for audit-trail devices like that printer, staff training on phishing, and double-checks on large wire transfers. What if automated alerts for strange names like Jupiter were used in more places? You can stay safe too: scrutinize emails, update software, and question big changes. Lazarus is now targeting crypto exchanges for easy billions. Global teams will have to work together to track these ghosts. Share your thoughts: how would you spot it next time? Let’s talk in the comments.
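The three checks that decided this heist (the Fed’s watchlist hit on “Jupiter”, the “Shalaka”/“Shalika” misspelling, and a batch of requests that would empty the account) can be written as a small pre-release screen. This is an added illustration, not Bangladesh Bank’s or SWIFT’s own software; the messages, balance, watchlist and payee list are constructed.

```python
from dataclasses import dataclass
from difflib import SequenceMatcher

# Constructed sample data (not real SWIFT traffic or real screening lists).
WATCHLIST = {"jupiter"}                       # blacklisted term, as in the Fed's "Jupiter" hit
KNOWN_BENEFICIARIES = {"shalika foundation"}  # previously approved payees
ACCOUNT_BALANCE = 951_000_000                 # assumed balance at the correspondent bank

@dataclass
class Transfer:
    ref: str
    amount: int
    beneficiary: str
    beneficiary_bank: str

def screen_transfer(t: Transfer) -> list:
    """Return the reasons a single payment instruction should go to manual review."""
    reasons = []
    text = f"{t.beneficiary} {t.beneficiary_bank}".lower()
    for term in WATCHLIST:                    # watchlist screening over beneficiary and bank
        if term in text:
            reasons.append(f"watchlist term '{term}' in beneficiary details")
    name = t.beneficiary.lower()
    for known in KNOWN_BENEFICIARIES:
        ratio = SequenceMatcher(None, name, known).ratio()
        # Near-miss: looks like a known payee but is not an exact match (Shalaka vs Shalika)
        if name != known and ratio >= 0.85:
            reasons.append(f"beneficiary resembles known payee '{known}' ({ratio:.2f})")
    return reasons

def screen_batch(batch: list, balance: int, drain_threshold: float = 0.5) -> dict:
    """Flag individual transfers, and the batch as a whole if it would drain the account."""
    flagged = {t.ref: r for t in batch if (r := screen_transfer(t))}
    total = sum(t.amount for t in batch)
    return {"flagged": flagged, "total": total,
            "drain_alert": total >= balance * drain_threshold}

# Constructed batch: one misspelled payee, one watchlist hit, one clean-looking request
# whose size alone empties the account.
SAMPLE_BATCH = [
    Transfer("MSG01", 20_000_000, "Shalaka Foundation", "Bank A"),
    Transfer("MSG02", 30_000_000, "Juan dela Cruz", "RCBC Jupiter Street Branch"),
    Transfer("MSG03", 901_000_000, "Acme Trading", "Bank B"),
]

def run_sample() -> dict:
    return screen_batch(SAMPLE_BATCH, ACCOUNT_BALANCE)

if __name__ == "__main__":
    print(run_sample())
```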