A new wave of cyber-espionage attacks reveals North Korea’s deepening effort to steal critical defense technologies from Europe. In a sophisticated campaign dubbed Operation Dream Job, the Lazarus Group — also known as Diamond Sleet and Hidden Cobra — has launched targeted attacks on European defense contractors and UAV (unmanned aerial vehicle) developers. Beginning in March 2025, the hackers posed as recruiters offering lucrative positions to engineers and software developers, luring victims into opening trojanized PDF files. Once opened, these files secretly deployed the ScoringMathTea remote access trojan, giving the attackers full system control and long-term persistence.

Forensic evidence reveals the campaign’s deliberate targeting of companies involved in drone component manufacturing and UAV software development. Analysts believe the goal is to steal intellectual property and manufacturing blueprints to accelerate North Korea’s domestic drone production, which closely mirrors U.S. and European UAV designs. The operation also likely serves broader military intelligence goals, including gathering insights into weapon systems deployed in Ukraine.

This campaign highlights how cyber-espionage remains central to Pyongyang’s asymmetric warfare strategy, blending digital infiltration with geopolitical opportunism. With evidence showing Lazarus’s malware referencing “drone” keywords within its code, the link between these attacks and North Korea’s UAV ambitions is unmistakable. As global tensions rise, European defense firms face mounting pressure to defend against this persistent, state-backed threat that fuses social engineering, espionage, and military modernization into a single, calculated operation.

#LazarusGroup #OperationDreamJob #NorthKorea #CyberEspionage #UAV #DroneTechnology #DefenseIndustry #ScoringMathTea #CyberSecurity #Europe #APT #HiddenCobra #DiamondSleet #CyberThreat #MilitaryEspionage #DroneWarfare