In a seemingly sharp increase in activity, Lazarus group, the alias for APT38 and widely attributed to be a North Korean nation-state threat actor has doubled down on Crypto theft, going after crypto.com to acquire funds. However the most recent activity points to spear phishing attacks using Microsoft documents and piggy backs on legitimate windows update mechanisms. The target for the command and control activity is a GitHub repository, which again may be difficult to spot from legitimate traffic on your proxy.