According to ESET telemetry, Lazarus targeted companies in Europe (France, Italy, Germany, the Netherlands, Poland, and Ukraine) and Latin America in the relevant 2021-2022 attacks (Brazil).
In order to deliver its malware, the attackers used an unusual supply-chain mechanism, abusing legitimate South Korean security software and digital certificates stolen from two different companies.