A new report shows that hacking group Lazarus, which is believed to have strong links to North Korea, has attempted cyber attacks on defense organizations in more than a dozen countries.
The Russian cybersecurity firm Kaspersky Lab released a report on its website Thursday saying that while Lazarus had mainly focused on financial institutions, it appears to have added the defense industry to its “portfolio” last year, with organizations in more than a dozen countries targeted so far.
It said that since early 2020 the group has been targeting the defense industry with a custom backdoor dubbed ThreatNeedle, which moves laterally through infected networks gathering sensitive information.
A custom backdoor is a type of malware that gives the hacker complete remote control.
The report explained that the initial infection occurs through spear phishing: targets receive emails that contain either a malicious Word attachment or a link to one hosted on company servers.
Oftentimes, the emails claim to have urgent updates related to the pandemic and supposedly come from a respected medical center.