VERY IMPORTANT

Cyber attacks from the Lazarus Group, a threat actor associated with North Korea, has not slowed down and their malware toolset continues to evolve. A few months ago, we published a general research of the Lazarus Group and the Blockbuster campaign including code reuse and similarities throughout their malware up until the latest news regarding targeting bitcoin and cryptocurrency exchanges. In recent attacks, the Lazarus Group has been spreading malicious documents with a RAT embedded inside that gets executed through a VBA macro. These malicious documents contained a job description for different positions in various industries.