Lazarus APT group, infamous for targeting the defense industry, now abuses Windows Update Client to spread malware. It was recently observed masquerading as Lockheed Martin in spear-phishing campaigns. For the first time in this campaign, the group had used GitHub as a C2 for targeted and short-term attacks. Take the right measure to safeguard your national security systems.