SentinelLabs identified North Korea-related compromise of NPO Mashinostroyeniya, a sanctioned Russian missile and military spacecraft engineering organization with sensitive missile technology. The investigation found two activity clusters: a Lazarus Group OpenCarrot Windows backdoor inside the internal network and a ScarCruft-linked compromise of a public Linux email server beaconing to external infrastructure. OpenCarrot supported broad backdoor functions including reconnaissance, file and process manipulation, DLL injection, timestomping, C2 reconfiguration, and proxying communications through internal hosts. The ScarCruft cluster could not be tied to a confirmed initial access method, but its loading tools and infrastructure resembled activity previously associated with RokRAT. The case matters because it shows multiple DPRK-affiliated threat actors targeting the same high-value Russian defense organization and raises questions about shared access, infrastructure, or parallel tasking.