DTrack activity targeting Europe and Latin America

2022-11-15 Kaspersky

https://securelist.com/dtrack-targeting-europe-latin-america/107798/


Kaspersky reported that Lazarus was still using the DTrack backdoor three years after its 2019 discovery, with telemetry showing infections in Europe, Latin America, the Middle East, Asia, and the United States. DTrack gives the operator file upload, download, execution, and deletion; its wider toolset has included a keylogger, a screenshot module, and a system-information collector, which together support lateral movement and data theft. The recent samples hide the payload inside an executable that looks legitimate and recover it through several stages of unpacking and decryption, using modified RC4/RC5/RC6-style routines, resolving Windows APIs by hash rather than by name, and finally hollowing the payload into an explorer.exe process. The C2 infrastructure was also trimmed to three servers. Reported victims spanned education, chemical manufacturing, government research and policy institutes, IT service providers, utilities, and telecommunications, showing that Lazarus keeps adapting an older backdoor for both financially motivated and espionage operations.

Indicators of Compromise

Type    Value                             First Seen   Last Seen
HASH    67f4dad1a94ed8a47283c2c0c05a7594  2022-11-15   2023-02-10
HASH    1a74c8d8b74ca2411c1d3d22373a6769  2022-11-15   2023-02-10
DOMAIN  purplebear.com                    2022-11-15   2022-11-15
IPv4    52.128.23.153                     2022-11-15   2022-11-15
IPv4    64.190.63.111                     2022-11-15   2022-11-15
IPv4    58.158.177.102                    2022-11-15   2022-11-15
DOMAIN  purewatertokyo.com                2021-03-22   2022-11-15
DOMAIN  salmonrabbit.com                  2021-03-22   2022-11-15
DOMAIN  pinkgoat.com                      2021-03-22   2022-11-15

The hashes are 32-character hexadecimal digests, i.e. MD5. The three IPv4 entries and purplebear.com were observed only on the report date; treat them as time-bounded indicators and check sightings against the First Seen / Last Seen window rather than as permanent blocklist entries.
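As an added example, not code from the Kaspersky report or from any Lazarus tooling, the script below shows how an analyst would sweep the indicators in the table above across DNS, proxy and endpoint-hash telemetry. The log lines, hostnames and file paths are constructed for the example; the IOC values are the ones listed above. Domain matching covers subdomains as well as exact names, and hosts are ranked by how many distinct indicator types they hit, since a machine that shows a known hash, a C2 domain and a C2 IP together is a confirmed infection rather than a false positive.

```python
import re
from collections import defaultdict

# IOCs copied from the table above (type, value); dates omitted.
DTRACK_IOCS = [
    ("HASH", "67f4dad1a94ed8a47283c2c0c05a7594"),
    ("HASH", "1a74c8d8b74ca2411c1d3d22373a6769"),
    ("DOMAIN", "purplebear.com"),
    ("IPv4", "52.128.23.153"),
    ("IPv4", "64.190.63.111"),
    ("IPv4", "58.158.177.102"),
    ("DOMAIN", "purewatertokyo.com"),
    ("DOMAIN", "salmonrabbit.com"),
    ("DOMAIN", "pinkgoat.com"),
]

# Constructed sample telemetry (not from the report): DNS query log,
# proxy CONNECT log and an EDR export of executed-file MD5s.
SAMPLE_DNS = [
    "2022-11-16T09:12:01Z host=WS-042 query=update.microsoft.com type=A",
    "2022-11-16T09:13:44Z host=WS-042 query=pinkgoat.com type=A",
    "2022-11-16T09:13:45Z host=WS-042 query=cdn.salmonrabbit.com type=A",
]
SAMPLE_PROXY = [
    "2022-11-16 09:14:02 WS-042 CONNECT 52.128.23.153:443 status=200",
    "2022-11-16 09:14:03 WS-017 CONNECT 142.250.74.78:443 status=200",
]
SAMPLE_HASHES = [
    "WS-042 C:\\Users\\a\\AppData\\Local\\Temp\\svc.exe 67F4DAD1A94ED8A47283C2C0C05A7594",
    "WS-017 C:\\Windows\\explorer.exe d41d8cd98f00b204e9800998ecf8427e",
]

DNS_RE = re.compile(r"host=(\S+)\s+query=(\S+)")
PROXY_RE = re.compile(r"^\S+ \S+ (\S+) CONNECT (\d{1,3}(?:\.\d{1,3}){3}):\d+")
HASH_RE = re.compile(r"^(\S+) (.+?) ([0-9a-fA-F]{32})$")


def build_index(iocs):
    """Normalise IOCs into lowercase sets keyed by upper-cased type."""
    index = defaultdict(set)
    for kind, value in iocs:
        index[kind.upper()].add(value.strip().lower())
    return index


def matched_domain(host, domains):
    """Return the IOC domain that `host` equals or is a subdomain of, else None.
    A trailing dot (FQDN form) and case differences are ignored."""
    host = host.lower().rstrip(".")
    for d in domains:
        if host == d or host.endswith("." + d):
            return d
    return None


def scan(iocs, dns_lines, proxy_lines, hash_lines):
    """Return (host, ioc_type, ioc_value, raw_line) for every indicator hit."""
    index = build_index(iocs)
    hits = []
    for line in dns_lines:
        m = DNS_RE.search(line)
        if m:
            d = matched_domain(m.group(2), index["DOMAIN"])
            if d:
                hits.append((m.group(1), "DOMAIN", d, line))
    for line in proxy_lines:
        m = PROXY_RE.match(line)
        if m and m.group(2) in index["IPV4"]:
            hits.append((m.group(1), "IPv4", m.group(2), line))
    for line in hash_lines:
        m = HASH_RE.match(line)
        if m and m.group(3).lower() in index["HASH"]:
            hits.append((m.group(1), "HASH", m.group(3).lower(), line))
    return hits


def hosts_by_ioc_count(hits):
    """Rank hosts by number of distinct (type, value) indicators they hit."""
    per_host = defaultdict(set)
    for host, kind, value, _ in hits:
        per_host[host].add((kind, value))
    return sorted(((h, len(v)) for h, v in per_host.items()),
                  key=lambda x: (-x[1], x[0]))


if __name__ == "__main__":
    found = scan(DTRACK_IOCS, SAMPLE_DNS, SAMPLE_PROXY, SAMPLE_HASHES)
    for host, kind, value, raw in found:
        print(f"{host}\t{kind}\t{value}\t<- {raw}")
    print(hosts_by_ioc_count(found))
```

In practice the IOC list would be loaded from the feed rather than hard-coded, and each hit should be compared against the indicator's First Seen / Last Seen window before it is escalated; the IP addresses in particular were observed on a single day and may have been reassigned since.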
