Lazarus Group, a team of cyber criminals reportedly based in North Korea, is believed to be targeting its southern neighbor with malicious documents. The files, recently reviewed by South Korean researchers and experts at AlienVault, pack Manuscrypt malware as the final payload. Manuscrypt is referred to as "Bankshot" by McAfee, which uses the term "Hidden Cobra" for the organization known as Lazarus Group. South Korea have suggested the the thefts from Bithumb started with malicious HWP files earlier in May and June. They also mentioned they are linked to previous attacks by Lazarus, and involved faked resumes. Manuscrypt is in Hangul Word Processor file's format, a Korean word processing application.