Volgmer is a Windows backdoor attributed in the source to North Korea's Lazarus Group, also known as Hidden Cobra, and described as active from at least 2013-2014 through later campaigns. It installs as a legitimate-looking service with a random name, stores encrypted configuration in the registry, tampers with timestamps, and gives operators remote control for system discovery, file transfer, process execution, and command execution. The source says Volgmer used custom C2 communications over ports such as 8080 and 8088, sometimes with SSL or web-like requests using a misspelled "Mozillar" user agent. Reported targeting spans South Korea and later global government, military, financial, critical infrastructure, defense, high-tech, and related sectors, making it relevant to long-running Lazarus espionage and foothold operations.