Kaspersky's Q3 2023 APT trends report describes a Lazarus campaign against defense manufacturers and nuclear engineers. The actor used Trojanized applications, especially backdoored VNC clients offered through fake job interview lures on social media, to gain access to enterprise systems. Execution of the compromised VNC client led to LPEClient and other in-memory payloads, sophisticated C2 communication, syscall unhooking to evade behavior monitoring, COPPERHEDGE backdoor use, and file-exfiltration tooling. Kaspersky observed victims tied to radar systems, UAVs, military vehicles, ships, weapons, maritime companies, and a Hungary-based nuclear engineer contacted over Telegram and WhatsApp.