Overview: Lazarus, also grouped with Andariel, APT37, APT38, and Kimsuky.
Suspected Attribution: North Korean state-sponsored. Sometimes tracked under Lazarus Group.
Target Sectors: Infrastructure, healthcare, government, and large corporations, suggesting intent to perform monitoring, tracking, or surveillance operations against specific individuals and to collect proprietary or customer data.
Attack Vectors: Access token and account manipulation, adversary-in-the-middle, PowerShell, domain compromise, defacement, and spearphishing (after victim research), among many others.
Associated Malware: Includes custom baddies like keylogger KiloAlfa, self-installing Windows malware, FakeTLS, Sumarta, DBLL Dropper, Torisma, SHARPKNOT, and DRATzarus.