Operation Blockbuster revealed

2016-02-24 Kaspersky

https://securelist.com/operation-blockbuster-revealed/73914/

Kaspersky describes the Operation Blockbuster research, which links the malware used in the Sony Pictures attack to a wider Lazarus Group cluster whose activity goes back to at least 2009. The report connects campaigns and malware families including Operation Troy, DarkSeoul, Hangman, Wild Positron/Duuzer, Destover, Sconlog, and SSPPMID through code reuse, shared conventions, and overlapping implementation quirks. Technical evidence includes spearphishing exploiting CVE-2015-6585, hard-coded misspelled "Mozillar" user agents, self-delete BAT file generation, password-protected ZIP resources named MYRES, a reused payload password, and sandbox-hostname checks added to evade analysis. The targeting context includes financial institutions, media, manufacturing, Sony Pictures, and South Korean institutions, while metadata such as Korean-locale resources and GMT+8/GMT+9 working patterns is presented as technical context rather than as definitive attribution.