istr-22-2017-en.pdf (2 MB)

Symantec's 2017 Internet Security Threat Report includes Lazarus in its targeted-attack group overview under the alias Appleworm. The table describes Lazarus tradecraft as spear phishing, DDoS attacks, disk wiping, zero-days, custom backdoors, information-stealing programs, and destructive payloads. It lists financial, military, government, entertainment, and electronics targets, and says the group was subject to disruption operations in early 2016 with links to the Bangladesh Bank attackers. The report provides historical threat-landscape context for Lazarus activity rather than a single incident timeline or IOC set.