lazarusholic

"Mandiant began tracking UNC5342 in January 2024, following their social engineering campaign targeting software services, biotech, and media. UNC5342 distributed the BEAVERTAIL downloader via malicious cryptocurrency-themed NPM and Python packages hosted on GitHub. BEAVERTAIL downloads the INVISIBLEFERRET backdoor, granting UNC5342 extensive endpoint control."

- Mandiant, https://cloud.google.com/blog/topics/threat-intelligence/m-trends-2025/?hl=en