Uncover North Korean APT Group Lazarus Group — Attack Techniques and Money Laundering…

2023-10-13 Shark Team

https://medium.com/@sharkteam/sharkteam-uncover-north-korean-apt-group-lazarus-group-attack-techniques-and-money-laundering-fff6d67c04fb


SharkTeam profiles Lazarus as a North Korean financially motivated threat actor, with its BlueNorOff/APT38 subgroup focused on SWIFT and cryptocurrency theft and its Andariel subgroup focused on South Korean targets. The report reviews Lazarus tradecraft across spear-phishing, watering-hole compromises, supply-chain attacks, SMB-based lateral movement, ransomware or destructive payloads, and SWIFT fraud, with examples including Sony Pictures, Bangladesh Bank, the Polish financial-sector watering holes, and LinkedIn recruiter lures aimed at cryptocurrency-industry employees. It also discusses malware behaviors such as RC4, AES, Spritz and custom encryption, fake TLS, IRC- and HTTP-based communications, MBR or partition damage, and self-deleting scripts, as well as cryptocurrency laundering through mixers, cross-chain transfers, bridges, and exchanges. Treat it as a broad overview of Lazarus tactics and money-laundering methods rather than as evidence of a single new intrusion.

Indicators of Compromise

Type    Value                                First Seen   Last Seen
DOMAIN  stake.com                            2023-09-05   2025-12-31
URL     https://discord.gg/jGH9xXCjDZ        2023-10-13   2024-06-13
HASH    b94a13586828f8f3474f7b89755f5e7…     2022-08-17   2023-10-13
