Volgmer - backdoor trojan
WHITE | OTXjonah | 2017-11-27 | Modified: 2017-11-27
Since 2009, HIDDEN COBRA actors have been observed in the wild leveraging their capabilities to target a wide range of users. Commercial reporting has attributed intrusions by this actor group to the Lazarus Group or Guardians of Peace. As disclosed in a government report, the Volgmer backdoor has been used by this threat group to carry out its operations. The backdoor has been associated with the 2014 hacking incident against Sony and with attacks against South Korean companies. Volgmer is reportedly delivered by spear-phishing campaigns, and the HIDDEN COBRA actors likely use other malware in conjunction with the backdoor. Volgmer has reportedly been active since at least 2013 and is used to gain and maintain access to Windows systems. On an infected system, Volgmer can collect system and identifying information and send it to a command-and-control (C&C) server; it can also receive further instructions from the C&C server to carry out additional actions or further exploit the infected system.
Indicators of Compromise (0): No indicators.