Chrome 0-day exploit CVE-2019-13720 used in Operation WizardOpium

2019-11-01 Kaspersky

https://securelist.com/chrome-0-day-exploit-cve-2019-13720-used-in-operation-wizardopium/94866/

Kaspersky reported Operation WizardOpium, a Chrome zero-day exploitation campaign using CVE-2019-13720 before Google patched it in Chrome 78.0.3904.87. The attack profiled browsers, pulled exploit chunks from attacker infrastructure, used an image-delivered key and RC4 material to decrypt the exploit code, then downloaded an encrypted final payload that was decrypted, dropped as updata.exe, and persisted through Windows Task Scheduler. Kaspersky explicitly avoided firm attribution, noting only very weak Lazarus code similarities that could be false flags and that the targeted-site profile more closely resembled earlier DarkHotel-style activity. For DPRK tracking, the report is relevant mainly because of the possible but uncertain Lazarus overlap and the operation’s advanced browser-exploit tradecraft.

Indicators of Compromise
