Nation-state APT group carries out 'Operation Starcruiser' … cyber espionage activity continues

2018-04-26 ESTSecurity Nation-state APT group carried out 'Operation Starcruiser' … Cyber espionage activities continue

http://blog.alyac.co.kr/1653

ESRC described Operation Star Cruiser as an active spear-phishing campaign against South Korean cryptocurrency-related targets and assessed it as linked to the Lazarus group. The attack used malicious HWP documents tailored to Korean environments, with embedded PostScript and shellcode that downloaded payloads disguised as AVI files such as star3.avi and star6.avi. ESRC connected Star Cruiser to the earlier Battle Cruiser operation through shared TTPs, similar implants, matching C2 protocol elements, overlapping code structure, and related infrastructure paths such as include/left.php. The report is important for DPRK-focused tracking because it links document-exploit delivery, cryptocurrency-sector targeting, and infrastructure reuse to a continuing Lazarus-attributed operational chain.