"Your main weapon is knowledge, and you'll find plenty of that in the pages that follow."
That line opens The Lazarus Heist and perfectly captures why the book is worth reading.
I originally discovered Geoff White through his book Rinsed. I enjoyed it so much that I went looking for what else he had written and quickly found The Lazarus Heist, his deep dive into the North Korean cyber threat. The result is an excellent and engaging look at one of the most formidable cyber adversaries in the world.
It would be easy to assume that a book written around 2021 might feel outdated in cybersecurity, where threats evolve constantly. That would be a mistake. The real value of this book isn't just the timeline of attacks—it's the insight into the mindset and strategy behind them.
Understanding adversaries at a macro level is critical for defenders. When you understand why an adversary behaves the way they do, you can better anticipate what they will do next.
White centers much of the narrative on the activities attributed to the Lazarus Group. The book revisits several major cyber incidents, including the Sony Pictures hack and the Bangladesh Bank heist. Even though I had studied many of these events before—along with ATM jackpotting and SWIFT banking attacks—I still learned a surprising amount of new information from the book.
One of the biggest takeaways is that the North Korean cyber threat is highly capable and constantly learning. Their operators don't just study technology; they study systems—particularly financial systems. They analyze how money moves globally and target weak points along that chain to extract large sums of money.
In this sense, hacking for North Korea is not simply about intelligence gathering. It is about economic survival. Cyber operations provide a way to circumvent international sanctions and generate revenue for the state.
Another practical lesson in the book involves the reuse of indicators of compromise (IOCs) across years and targets. The attackers often reused infrastructure, tools, and techniques over long periods. This is a reminder for defenders to ensure that threat intelligence is actively ingested and that known indicators are blocked wherever possible.
The book also highlights examples of attacks motivated by perceived political offense rather than economic gain. In some cases, companies became targets based on public positions or statements that angered the regime. These incidents show that cyber operations can sometimes be driven by ideology or retaliation rather than pure financial or intelligence objectives.
Finally, one of the strongest parts of The Lazarus Heist is the geopolitical context it provides. White walks through the history of North Korea and explains why cyber capabilities became such an important strategic tool for the regime. Understanding that background helps answer the critical strategic question defenders should always ask: why does this adversary operate the way it does?
For anyone interested in cybersecurity, threat intelligence, or geopolitics, The Lazarus Heist is an excellent read. Even if you are familiar with the major incidents discussed, the context and insight provided in the book make it well worth your time.
In cybersecurity, knowledge truly is the first weapon—and this book delivers plenty of it.
This article originally appeared on LinkedIn.