North Korean Attack Group Attack Trends in the First Half of 2022, Part 2: Non-Document-Based Malware

2022-10-07, Igloo

https://www.igloo.co.kr/security-information/2022%EB%85%84-%EC%83%81%EB%B0%98%EA%B8%B0-%EB%B6%81%ED%95%9C-%EA%B3%B5%EA%B2%A9-%EA%B7%B8%EB%A3%B9-%EA%B3%B5%EA%B2%A9%EB%8F%99%ED%96%A5-part-2-%EB%B9%84%EB%AC%B8%EC%84%9C%ED%98%95-%EA%B8%B0%EB%B0%98/


IGLOO analyzed non-document-based malware used by North Korean attack groups in the first half of 2022, focusing on NukeSped and on attacks abusing INITECH processes.

The excerpt describes NukeSped as a Lazarus backdoor installed against domestic companies, distributed through malicious macros and targeted watering-hole activity. It uses RC4-encrypted data and in-memory execution, receives commands from its C2, performs keylogging and clipboard capture, checks its privileges, and deletes itself via a batch file.

A second case describes Lazarus activity against defense, chemical, and other organizations, using spear-phishing to download HTM files that were injected into the legitimate INISAFE Web EX Client process for privilege acquisition and information theft. The INITECH-abuse sample dynamically loaded networking and registry APIs, attempted credential dumping and persistence through BAT files and scheduled tasks, and used registry changes with fodhelper.exe and ComputerDefaults.exe for UAC bypass.

Indicators of Compromise

Type   Value                               First Seen   Last Seen
URL    https://www.academia.edu/427552…    2022-10-07   2022-10-07
HASH   b213063f28e308adadf63d3b506e794e    2022-04-18   2022-10-07
