FireEye report highlights the existence of an separate APT inside the Lazarus Group umbrella focused mainly on financially-motivated crimes against banks, financial institutions, and cyrptocurrency exchanges. Attacks tracked to several countries. Date back to 2014.
FireEye claims hacks are driven by the UN economic sanctions that have cut state revenue. North Korea appears to have turned to its military state hacking divisions for help in bringing in funds from external sources through unorthodox methods.