Kaspersky revealed two separate supply chain attacks by Lazarus Group aimed at an IT asset monitoring solution vendor, a South Korean think tank, and the defense industry. Hackers use a Racket downloader (signed with a stolen certificate) in the infection chain. Organizations must stay alert and focus on defense efforts against such threats.