CYFIRMA reported that North Korea-sponsored Lazarus operators were planning a large COVID-19 themed phishing campaign against more than five million individuals and businesses. The planned lures impersonated government agencies, departments, and trade associations responsible for pandemic fiscal-aid programs in Singapore, Japan, South Korea, India, the United States, and the United Kingdom. The emails were designed to drive recipients to fake websites and collect personal or financial information from victims seeking relief payments, loans, testing, or business support. The excerpt cites seven phishing templates, spoofed authority email accounts, and attacker-claimed address lists ranging from thousands of business contacts to millions of individual email IDs.