AhnLab analyzes Lazarus malware families Volgmer and Scout, describing Volgmer as a backdoor used from 2014 through about 2021 and Scout as a downloader observed from around 2022. The report links Scout to attacks that exploited vulnerabilities in Korean financial security certification software and targeted domestic defense, manufacturing, ICT, financial, media, satellite, and software organizations. Volgmer droppers installed DLL backdoors as Windows services, stored encrypted configuration and C2 data under HKLM\SYSTEM\CurrentControlSet\Control\WMI\Security, randomized service names, and timestomped files to match notepad.exe. AhnLab notes shared encryption material and similar operating patterns across later Lazarus and Andariel-linked malware, including BYOVD use to disable security products.