Intercept the Adversary: Lazarus Group - Operation In(ter)ception

2024-04-10 Attack IQ

https://www.attackiq.com/2024/04/10/intercept-the-adversary/


AttackIQ summarizes Lazarus Group's Operation In(ter)ception as a 2019 campaign that used LinkedIn and email job lures from fake HR representatives at companies such as Collins Aerospace and General Dynamics. Victims received password-protected RAR archives containing LNK files disguised as job documents, which began the intrusion chain. The emulated behaviors include remote XSL script execution through WMI, service creation, RegSvr32 and RunDLL32 execution, living-off-the-land utility abuse, scheduled task persistence, system and network discovery, data staging, and HTTP C2 requests. The source is mainly a detection-validation package description, but it preserves the campaign tradecraft that defenders should test against: Lazarus-style social engineering and the post-compromise activity that follows it.
