Warning on the Latest Attacks by the APT-C-26 (Lazarus) Group Against Digital Currency Exchanges

2019-03-29 Qihoo360 APT-C-26 (Lazarus) group's latest attack warning on digital currency exchanges

https://www.secrss.com/articles/9511

360 researchers linked APT-C-26, identified in the excerpt as Lazarus, to continued attacks against cryptocurrency exchanges and related users. The group allegedly registered wb-invest.net and wb-bot.org in October 2018, then used them to present a malicious automated trading application called Worldbit-bot as legitimate software. Worldbit-bot was described as modified from the open-source Qt Bitcoin Trader project and as using the same attack framework as the earlier CelasTrade Pro campaign, with changes mainly in parameters and keys. The reported phishing activity targeted exchange staff in suspected January and March 2019 operations to enable cryptocurrency theft, showing a mature and repeated tradecraft pattern against blockchain-sector victims.

Indicators of Compromise

Type    Value                             First Seen  Last Seen
DOMAIN  wb-bot.org                        2019-03-29  2020-01-08
HASH    3efeccfc6daf0bf99dcb36f247364052  2019-03-29  2020-01-08
HASH    b63e8d4277b190e2e3f5236f07f89eee  2019-03-29  2020-01-08
HASH    8b4c532f10603a8e199aa4281384764e  2019-03-29  2020-01-08
DOMAIN  wb-invest.net                     2019-03-29  2019-03-29
