£5.84M recovered by Norwegian police

Feb 21 2023


Welcome to Gone Phishing, your daily cybersecurity newsletter that’s cleaner than your church shoes.

Today’s hottest cyber security stories:

  • Nor-way, Jose: Norwegian police foils ‘Lazarus’, recovers £5.84m
  • RailYatri’s ticket’s been punched!
  • Armageddon outta here! CyberSec oracles foresee cyber-apocalypse


Lazarus is down, but (if the Gospel rings true!) not out… Norwegian police traded their Lapskaus (Norwegian stew, didn’t you know?) for Lazarus when they made some headway against the notorious hacking group.

Who’s Lazarus?

The North Korea-backed hacking collective that shares its name with Jesus Christ’s closest friend who rose from the dead (kind of like the Drake memes) had a very busy 2022.

Its crypto plunder can now be measured in the hundreds of millions: a billion, in some reporters’ estimations. But don’t despair just yet. The good guys got one back yesterday. Well, they got £5.84 million back, to be precise.

Hats off to Økokrim, the Norwegian police agency that just announced the seizure of a not-to-be-sniffed-at 60 million NOK (£5.84m).

Couple this with the $30 million recovered by the US government, and the cracks in Lazarus’ armour are beginning to appear. Just about.

Let’s not kid ourselves, the elusive crime syndicate is hardly on the street selling The Big Issue. They got away with an eye-watering $620 million in the Ronin cross-chain bridge heist of March 2022, let’s not forget.

Credit where credit’s due, though. Tracing and retrieving cryptocurrency by analysing transactions on the blockchain is an incredibly complex and long-winded process (hence why large criminal organisations steal crypto).

So, when you read of stolen loot being recovered, such as the $30m by the US or the £5.84m by Norway, you can trust that thousands of man-hours facilitated these victories. Let’s hear it for the crypto coppers!

And who knows? Maybe by the year 2033, the whole bundle will have been recovered. One can only dream, eh?


Indian government-approved online travel agency RailYatri is left with a whole trainload of egg on its face after the personal data of 31m passengers was not only stolen, but also published online for the world to see. How would you like your privates published for the world to see? Sorry, this is serious.

And that’s not even the worst of it. I mean, we said ‘hacked’ in the subheading. But I don’t even know if that’s accurate, strictly speaking. This was an unsecured server, for God’s sake.

Do you call it a break-in if the door was left wide open? Or you leave your – wait, no if you leave someone else’s Bentley parked with the engine running in a bad neighbourhood? That’s a better analogy. Is that theft?

Hmm I guess so, but don’t expect home insurance to cover it. And do expect the owner of the proverbial Bentley to be just a tad pissed off.

Privates exposed!

So, this is the range of data that was made public, following the data breach:

  • Full names
  • Age
  • Gender
  • Physical addresses
  • Email addresses
  • Mobile phone numbers
  • Payment logs
  • Partial records of credit and debit card information
  • Unified Payment Interface (UPI) ID
  • Train and bus ticket booking details
  • Travel itinerary information including which stations passengers boarded/disembarked
  • Users’ GPS location information including MCC, MNC, LAC, and CellID data:
    • MCC: mobile country code to identify the country
    • MNC: mobile network code to identify the mobile operator
    • LAC: location area code to identify pockets of base stations
    • CellID: unique number to identify each base transceiver station or sector
  • Authentication token information
  • User session logs including login times

So yeah, a fair bit…


The wise old wizards of the realm of cybersecurity have been gazing into their crystal balls and it’s not good news, guys.

They anticipate a cyber ‘apocalypse’ (geez, dramatic much?). So, when can we expect the four horsemen of the MAL-pocalypse? Soon!

This new report warns of a ‘catastrophic cyber event’ in the next two years.

To be honest, it reminded us of the plumber or the mechanic taking a look at the customer’s problem before whistling and saying something like: “that’s gonna cost ya”.

Of course, the cybersecurity community is going to say the cybersphere’s about to implode; they stand to profit from it!

Or maybe we’re wrong and they’re right. Who knows. Just sounded a little phishy to us, that’s all.

So long and thanks for reading all the phish!
