Lazarus Group (APT-Q-1)

2023-03-14 Qianxin

https://ti.qianxin.com/apt/detail/5aaa4e8dd70a3f288fde5d18?name=Lazarus%20Group&type=map

Qianxin profiles Lazarus Group, also tracked as APT-Q-1, as a North Korea-linked threat group active since at least 2009 with espionage and financially motivated operations. The profile describes spear-phishing, watering-hole activity, SMB exploitation, lateral movement, and destructive or ransomware-like disruption, along with malware families such as Destover, Duuzer, and Hangman and tooling that includes DDoS botnets, keyloggers, RATs, and wipers. It highlights major historical activity including DarkSeoul, the Sony Pictures intrusion, the Bangladesh Bank theft, cryptocurrency exchange targeting, security researcher targeting, 3CX supply-chain activity, and intensified operations against cryptocurrency, finance, energy, manufacturing, and other sectors. The source also notes widely recognized Lazarus subgroups, including BlueNoroff for financial cybercrime and Andariel for government, infrastructure, and enterprise targets.
