Lazarus targets nuclear-related organization with new malware
2024-12-19 • Kaspersky
Kaspersky attributes to Lazarus a DeathNote attack (the campaign also known as Operation DreamJob) against at least two employees at the same nuclear-related organization. The delivery used IT skills-assessment archives, likely ISO or ZIP files, tied to aerospace and defense job lures, and involved trojanized VNC utilities, AmazonVNC.exe, and DLL side-loading through UltraVNC's vnclang.dll. The chain loaded Ranid Downloader, MISTPEN, RollMid, LPEClient, CookieTime, Charamel Loader, ServiceChanger, and CookiePlus, then supported persistence and lateral movement from Host A to Host C. The case shows Lazarus changing the post-lure infection chain while keeping the fake-recruiter and remote-access-tool pattern used in DreamJob operations.