North Korean Lazarus hackers compromised three European companies in the defense sector through a coordinated Operation DreamJob campaign leveraging fake recruitment lures.
The threat group's activity was detected in late March and targeted organizations involved in the development of unmanned aerial vehicle (UAV) technology.
‘Operation DreamJob’ is a long-running Lazarus campaign where the adversary, posing as a recruiter at a big company (either real or fake), approaches employees at an organization of interest with job offers for a high-profile role.
The targets are tricked into downloading malicious files that give hackers access to the systems of the target company.
The tactic has been used in the past against cryptocurrency and DeFi firms, software developers, journalists, security researchers, and also organizations in the defense sector, including the aerospace industry.
Researchers at cybersecurity company ESET say that in the most recent Operation DreamJob they analyzed, Lazarus focused on UAV-related technology, which aligns with current geo-political developments and coincides with North Korea’s increased effort to build a drone arsenal "inspired" by Western designs.
Targeting makers of drone components
ESET observed in late March that "in-the-wild [DreamJob] attacks successively targeted" a metal engineering firm in Southeastern Europe, an aircraft parts maker, and a defense company, both in Central Europe.
However, the cybersecurity company did not provide any details on the success the hackers had with targeting the three companies.
All three companies make military equipment that is currently deployed in Ukraine as part of their countries' military assistance.
... continue reading