AhnLab attributes Operation Dream Magic to Lazarus exploitation of a MagicLine vulnerability in a watering hole campaign. The group followed the same model AhnLab observed in earlier INISAFE activity: malicious links inserted into selected news articles, companies and institutions targeted when they clicked through, vulnerable Korean sites used as C2, and IP filtering to restrict exposure. AhnLab coordinated malware analysis, MagicLine detection logic, customer log and sample collection, and information sharing with national agencies. The source says the full report explains the malware analysis, detection status, victim log review, and the basis for the Lazarus attribution.