Lazarus used a new variant of the BLINDINGCAN backdoor to target a South Korean think tank in June after deploying it to breach a Latvian IT vendor in May. "In the first case discovered by Kaspersky researchers, Lazarus developed an infection chain that stemmed from legitimate South Korean security software deploying a malicious payload," the researchers said. "In the second case, the target was a company developing asset monitoring solutions in Latvia, an atypical victim for Lazarus."
Source: bleepingcomputer.com