North Korean Cyber Espionage Targeting European Defense Industry
Recent reports have revealed that threat actors linked to North Korea are behind a series of cyber attacks targeting European companies operating in the defense sector. Known as Operation Dream Job, this long-standing campaign aims to steal proprietary information and manufacturing expertise from organizations in the defense industry.
Targeting European Defense Companies
The attack campaign, which began in late March 2025, specifically focuses on entities involved in the unmanned aerial vehicle (UAV) sector. ESET security researchers Peter Kálnai and Alexis Rapin have identified malware families such as ScoringMathTea and MISTPEN being used in these attacks.
Some of the targeted companies include a metal engineering firm in Southeastern Europe, an aircraft components manufacturer in Central Europe, and a defense company also based in Central Europe.
Lazarus Group and Operation Dream Job
Operation Dream Job is attributed to Lazarus Group, a notorious North Korean hacking group also known by aliases such as APT-Q-1, Black Artemis, and Hidden Cobra. Lazarus Group has been active since at least 2009 and is known for its sophisticated cyber espionage campaigns.
The group uses social engineering tactics, such as offering fake job opportunities to lure victims into downloading malware onto their systems. This tactic, known as Contagious Interview, has been observed in previous Lazarus Group attacks.
Advanced Malware and Tactics
The attack chain typically involves the delivery of trojanized documents with job descriptions, which contain malicious payloads. Once executed, these payloads install advanced malware like ScoringMathTea and MISTPEN, allowing threat actors to gain control over compromised systems.
ESET researchers have noted that Lazarus Group has maintained a consistent modus operandi over the years, deploying familiar malware and utilizing similar infection methods. Despite the group’s efforts to evade detection, their tactics have been recognized and attributed by cybersecurity experts.
Conclusion
Operation Dream Job represents a concerning escalation in cyber threats targeting the defense industry, with North Korean hackers leveraging deceptive recruitment tactics to infiltrate European companies. Organizations in the defense sector are urged to remain vigilant and enhance their cybersecurity measures to defend against such attacks.
For more information on this cyber espionage campaign targeting European defense companies, you can read the original article here.