DBAPPSecurity attributed a set of cryptocurrency-themed LNK attacks to Lazarus activity against exchanges, industry staff, and digital-currency users. One Japanese-language lure masqueraded as business guidance and executed `mshta` through a Bitly short link, fetched decoy content from Google Drive, checked for security processes such as Kingsoft and NPAV, and ran a base64-encoded script that beaconed to C2 every 15 seconds for follow-on payloads. The report links related samples through shared usernames, document metadata, Korean language settings, and similar TTPs from earlier Lazarus cryptocurrency campaigns. It also identifies associated infrastructure such as `up.myemail[.]works`, `filehost[.]network`, and Google Drive decoy links.