Trickbot operators offer advanced persistent threat actors access to new attack toolset called Anchor. North Korea’s notorious state-backed Lazarus Group is using the toolset to deploy one of its own malware samples on the network of an Anchor victim. The discovery is significant because financially motivated crimeware operations like Trickbot so far mostly operated completely separately from APT campaigns. Organizations now have to be concerned not just about criminal groups, but of crimeware threats that might mature into APT activity.”]