Active for more than a decade and believed to be operating on behalf of the North Korean government, Lazarus has been associated with various financially motivated attacks, such as those targeting cryptocurrency exchanges.
Several malware families have been attributed to Lazarus over the past several months, including new Mac malware families and the cross-platform malware framework MATA. Now, Kaspersky reveals that the threat actor is also operating the VHD ransomware, which has been observed in two campaigns in March and May 2020.