Warning of Increased Domestic and International APT Attacks Attributed to the ‘Lazarus’ Group Despite the COVID-19 Situation

2020-04-28 ESTSecurity Warning of increased domestic and international APT attacks attributed to the ‘Lazarus’ group despite the COVID-19 situation

https://blog.alyac.co.kr/2946

ESRC reported a rise in Lazarus-attributed APT activity in April 2020, including spear-phishing that impersonated a blockchain software development contract and targeted people connected to cryptocurrency trading. The same activity set also included COVID-19 infection-control lures, a malicious MS Word document about U.S.-Korea diplomacy and security, and aerospace recruitment-themed documents aimed at foreign organizations. The aerospace and diplomacy lures shared the elite4print[.]com C2 server and resembled earlier recruitment-themed Lazarus activity against an Indian aerospace and defense company. The source frames Lazarus as a state-level threat conducting both espionage and revenue-generating attacks, with detection names including Trojan.Downloader.DOC.Gen and Exploit.HWP.Agent.

Indicators of Compromise

| Type | Value | First Seen | Last Seen |
|------|-------|------------|-----------|
| DOMAIN | elite4print.com | 2020-04-28 | 2022-09-29 |
