Lazarus attacks aerospace and defense contractors worldwide while misusing LinkedIn and WhatsApp
2022-06-01 • ESET
ESET reports that Lazarus targeted aerospace and defense contractors between late 2021 and March 2022, with victims observed across Europe, the Middle East, and Latin America. The activity used fake recruiting lures on LinkedIn, then moved the conversation to services such as WhatsApp or Slack before sending malicious components disguised as job-related files. ESET says the operation was primarily cyber-espionage, though the group also attempted, unsuccessfully, to steal money. The toolset included a user-mode component that abused a vulnerable Dell driver to write to kernel memory, a technique used to bypass security monitoring. The campaign extends the tradecraft of the earlier Lazarus Operation In(ter)ception and shows continued use of social engineering against defense-sector employees.