Lazarus APT updates its toolset in watering hole attacks
Essential information
- Published: 24/04/2025 08:13
- Modified: 24/04/2025 13:41
- Tags: 2025-04-24, agamemnon downloader, apt, copperhedge, signbt, south korea, supply-chain, threatneedle, vulnerability exploitation, wagent, watering hole
- Related entities: 1 intrusion sets (apt), 13 techniques (mitre), 5 malware, 4 others
Description
The Lazarus group has launched a sophisticated attack campaign dubbed 'Operation SyncHole' targeting South Korean organizations. The operation combines watering hole attacks with exploitation of vulnerabilities in South Korean software. At least six organizations in the software, IT, financial, semiconductor manufacturing, and telecommunications industries were compromised. The attackers utilized updated versions of known Lazarus malware tools, including ThreatNeedle, wAgent, and COPPERHEDGE. They also exploited vulnerabilities in Cross EX and Innorix Agent software for initial access and lateral movement. The campaign demonstrates Lazarus' ongoing focus on supply chain attacks targeting South Korean entities and their deep understanding of the local software ecosystem.