Mar 2, 2021 Kaspersky researchers have identified a new, previously unknown, campaign from Lazarus, a highly prolific advanced threat actor active since at least 2009 that has been linked to a number of multifaceted campaigns. Since early 2020, it has been targeting the defense industry with a custom backdoor dubbed ThreatNeedle. The backdoor moves laterally through infected networks gathering sensitive information. Lazarus is one of today’s most prolific threat actors. Active since at least 2009, Lazarus has been involved in large-scale cyberespionage campaigns, ransomware campaigns, and even attacks against the cryptocurrency market. While the past few years they’ve been focusing on financial institutions, at the beginning of 2020, it appears they have added the defense industry to their “portfolio”.