Lazarus APT group conducts cyberattack campaign against maritime research organizations (original title: Lazarus APT组织针对海事研究组织进行网络攻击活动)

2024-02-27 Aliyun Lazarus APT cyberattack campaign against maritime research organizations

https://xz.aliyun.com/t/13901

The article describes a Lazarus supply chain intrusion against maritime research organizations holding defense and submarine development material. According to the source, Lazarus first compromised a website maintenance vendor, used SSH keys stolen from that vendor to log in to the target web server, downloaded Ngrok and a Base64-encoded Python downloader from its C2, then moved laterally over SSH while running tcpdump to capture network traffic and harvest credentials. With stolen employee credentials the operators reportedly accessed a security manager's mailbox, learned how the patch management system worked, and requested deployment of a "patch" that in fact installed the NukeSped malware. The malware analysis ties NukeSped to the C2 domain connection.lockscreen.kro.kr (the IOC table below lists the parent domain lockscreen.kro.kr) and notes command handlers for file upload, download, read/write and process operations that resemble Lazarus's FallChill tooling.
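The summary above names three observables a defender can hunt for on a Linux web server: lookups of the reported C2 domain, execution of Ngrok or tcpdump under a web-service account, and successful SSH public-key logins with a vendor key from an unexpected source (a stolen key authenticates cleanly, so failure-count rules never fire). The following detection sketch is an added example and is not code from the article or from Aliyun; the log formats, hostnames, usernames, IP ranges, key fingerprints and the sample log lines are all constructed assumptions. Only the domain lockscreen.kro.kr (and its subdomain connection.lockscreen.kro.kr) comes from the report.

```python
"""Hunt rules for the Lazarus maritime intrusion TTPs (added example).

Three checks over constructed sample logs:
  1. DNS logs: lookups of the reported C2 domain or any subdomain of it.
  2. Exec logs: ngrok anywhere, or tcpdump launched by a web-service account.
  3. sshd logs: accepted publickey logins whose key is unknown, or whose key is
     known but used from a source network it is not expected from.
Log formats, account names, networks and fingerprints are assumptions.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List

# From the report's IOC table; connection.lockscreen.kro.kr is a subdomain.
C2_DOMAINS = {"lockscreen.kro.kr"}
# Assumed web-service accounts that should never run tunnel or capture tools.
SERVICE_ACCOUNTS = {"www-data", "nginx", "apache"}
TUNNEL_TOOLS = ("ngrok",)      # reverse tunnel named in the report
CAPTURE_TOOLS = ("tcpdump",)   # credential sniffing named in the report


@dataclass(frozen=True)
class Finding:
    rule: str
    line: str


# Assumed formats: "<ts> <host> query <type> <qname>" and "<ts> <host> <user> <cmd>".
DNS_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) query \S+ (?P<qname>\S+)$")
EXEC_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<user>\S+) (?P<cmd>.+)$")
# Standard OpenSSH "Accepted publickey" line with the key fingerprint.
SSH_RE = re.compile(
    r"sshd\[\d+\]: Accepted publickey for (?P<user>\S+) from (?P<ip>\S+) "
    r"port \d+ ssh2: \S+ (?P<fp>SHA256:\S+)"
)


def domain_matches_ioc(qname: str) -> bool:
    """True for the IOC domain itself or any subdomain (case/trailing-dot safe)."""
    q = qname.rstrip(".").lower()
    return any(q == d or q.endswith("." + d) for d in C2_DOMAINS)


def check_dns(lines: Iterable[str]) -> List[Finding]:
    return [Finding("c2_domain_lookup", ln) for ln in lines
            if (m := DNS_RE.match(ln)) and domain_matches_ioc(m["qname"])]


def check_exec(lines: Iterable[str]) -> List[Finding]:
    out: List[Finding] = []
    for ln in lines:
        m = EXEC_RE.match(ln)
        if not m:
            continue
        argv0 = m["cmd"].split()[0].rsplit("/", 1)[-1]  # basename of the binary
        if argv0 in TUNNEL_TOOLS:
            out.append(Finding("tunnel_tool_exec", ln))
        elif argv0 in CAPTURE_TOOLS and m["user"] in SERVICE_ACCOUNTS:
            out.append(Finding("capture_by_service_account", ln))
    return out


def check_ssh(lines: Iterable[str],
              key_sources: Dict[str, List[ipaddress.IPv4Network]]) -> List[Finding]:
    """Flag unknown keys, and known keys used from outside their expected networks."""
    out: List[Finding] = []
    for ln in lines:
        m = SSH_RE.search(ln)
        if not m:
            continue
        allowed = key_sources.get(m["fp"])
        if allowed is None:
            out.append(Finding("unknown_ssh_key", ln))
        elif not any(ipaddress.ip_address(m["ip"]) in net for net in allowed):
            out.append(Finding("known_key_unexpected_source", ln))
    return out


# Constructed sample logs (RFC 5737 addresses, made-up fingerprints).
SAMPLE_DNS = [
    "2024-02-19T03:12:44Z webserver01 query A connection.lockscreen.kro.kr",
    "2024-02-19T03:13:01Z webserver01 query A mirror.example.org",
    "2024-02-19T03:14:09Z webserver01 query A lockscreen.kro.kr.",
]
SAMPLE_EXEC = [
    "2024-02-19T03:10:02Z webserver01 www-data /tmp/.cache/ngrok tcp 22",
    "2024-02-19T03:20:15Z webserver01 www-data tcpdump -i eth0 -w /tmp/s.pcap port 22",
    "2024-02-19T08:00:00Z webserver01 root tcpdump -i eth0 -c 20 port 53",
    "2024-02-19T08:01:00Z webserver01 www-data php-fpm: pool www",
]
SAMPLE_SSH = [
    "Feb 19 03:05:12 webserver01 sshd[2231]: Accepted publickey for deploy from 203.0.113.5 port 51234 ssh2: ED25519 SHA256:VENDORKEYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
    "Feb 19 09:30:00 webserver01 sshd[2410]: Accepted publickey for deploy from 198.51.100.7 port 40110 ssh2: ED25519 SHA256:INHOUSEKEYBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB",
    "Feb 19 09:31:00 webserver01 sshd[2412]: Failed password for root from 198.51.100.9 port 40111 ssh2",
    "Feb 19 09:40:00 webserver01 sshd[2450]: Accepted publickey for root from 203.0.113.5 port 51240 ssh2: RSA SHA256:NEVERSEENCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC",
]
# Assumed allowlist: each key is expected only from the vendor's or office network.
KEY_SOURCES = {
    "SHA256:VENDORKEYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA": [ipaddress.ip_network("198.51.100.0/24")],
    "SHA256:INHOUSEKEYBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB": [ipaddress.ip_network("198.51.100.0/24")],
}


def run_all() -> List[Finding]:
    return check_dns(SAMPLE_DNS) + check_exec(SAMPLE_EXEC) + check_ssh(SAMPLE_SSH, KEY_SOURCES)


if __name__ == "__main__":
    for f in run_all():
        print(f"[{f.rule}] {f.line}")
```

Against the sample data the rules fire six times: both lookups under lockscreen.kro.kr, the Ngrok launch, tcpdump under www-data (root's capture is left alone), the vendor key used from outside the vendor's network, and an unknown key on the root account. The SSH rule is the one to think hardest about: in this campaign the vendor's key was legitimately authorized, so matching fingerprint against expected source network is what separates the vendor from an attacker holding the vendor's key.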

Indicators of Compromise

Type     Value               First Seen   Last Seen
DOMAIN   lockscreen.kro.kr   2024-02-19   2024-02-27
