North Korean hackers target European defense firms with dream job scam

Date:
Fri, 24 Oct 2025 14:14:00 +0000

Description:
Lazarus is after drone know-how and has infiltrated three firms.

FULL STORY

Infamous North Korean state-sponsored threat actors, Lazarus Group, have been targeting Southeastern European defense firms with their Operation DreamJob scams.

Security researchers at ESET claim the goal of the attacks was to steal the know-how and other proprietary information on unmanned aerial vehicles (UAV) and drones.

Lazarus is known for its work in supporting North Koreas weapons development program. This is usually done by attacking crypto firms, stealing money, and then using it to fund research and development. In this case, the operation
is somewhat different, but the goal is the same.

ScoringMathTea

Operation DreamJob is Lazarus signature move. The group would create fake companies, fake personas, and fake jobs, and then reach out to their targets, offering lucrative positions.

People who take the bait are usually invited to multiple rounds of job interviews and trials, in which they are asked to download PDF files,
programs, apps, and code.

However, instead of actually completing any trials, the victims would simply
be downloading malware .

ESET says the attacks took place at approximately the same time when North Korean soldiers were in Russia, assisting the Russian army in the Kursk
region, which was in late 2024. At least three companies were breached, and information on how to build drones was stolen.

The researchers explained that North Korea is building drones of its own, and that many of the materials used in Eastern European drones are also used in North Korea. They also explained that many of the drones designed in Eastern Europe are being used in the Ukrainian war, which is why they were of particular interest to Lazarus.

After breaching their targets, the attackers would deploy ScoringMathTea, a remote access trojan (RAT) that grants full control over the compromised machine.

We believe that it is likely that Operation DreamJob was at least partially aimed at stealing proprietary information, and manufacturing know-how, regarding UAVs. The drone mention observed in one of the droppers
significantly reinforces this hypothesis, says ESET researcher Peter Klnai,
who discovered and analyzed these latest Lazarus attacks.

We have found evidence that one of the targeted entities is involved in the production of at least two UAV models that are currently employed in Ukraine, and which North Korea may have encountered on the front line. This entity is also involved in the supply chain of advanced single-rotor drones, a type of aircraft that Pyongyang is actively developing, adds Alexis Rapin, ESET cyberthreat analyst.

======================================================================
Link to news story: https://www.techradar.com/pro/security/north-korean-hackers-target-european-de fense-firms-with-dream-job-scam

$$
--- SBBSecho 3.28-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)