Multi-universe of adversary: multiple campaigns of the Lazarus group and their connections

2021-10-07 Kaspersky

https://vblocalhost.com/conference/presentations/multi-universe-of-adversary-multiple-campaigns-of-the-lazarus-group-and-their-connections/

Given that Lazarus continues to be one of the most prolific and destructive APT groups, tracking and grouping their various campaigns is particularly important. For example, AppleJeus has continued to attack only the cryptocurrency industry, but ThreatNeedle has changed its targets depending on the situation, moving from attacking a cryptocurrency business to a game company and then a defence contractor. Since initial research on Lazarus APT – a well-known, state-sponsored threat actor – was published, the group has continued to gain widespread attention both in the industry and the media, as a result of their high profile and highly sophisticated threat activities. While the primary functionality of the malware may look similar, a closer look at their infection schemes shows they use different techniques.
