A spear phishing attack was conducted on some of the members of certain cryptocurrency exchanges in Korea. This attack, too , is an extension of the Lazarus campaign, disguised as a vocational document request, which was unveiled on the 20th, and is an extension of the attack vector.
Email screen used in a real attack
In the past, Lazarus threats are characterized by a lure of users with subjects and content that have nothing to do with the recipient, and can be seen as one of irregular social engineering techniques.