North Korean Lazarus hackers targeted three European defense companies involved in UAV technology in a sophisticated spear-phishing campaign called Operation DreamJob. The campaign tricked employees into downloading malicious files that gave the hackers remote access to their systems, and it focused on military equipment development related to UAVs. #LazarusGroup #OperationDreamJob
Key points
- Lazarus hackers employed fake recruitment lures to target defense sector companies in Europe.
- Their recent focus was on organizations developing UAV technology and drone components.
- The infection chain relied on trojanized open-source applications and DLL sideloading.
- The final malware was the ScoringMathTea RAT, which gives the operators an extensive set of remote commands.
- Despite repeated exposure, Operation DreamJob remains an effective tactic for North Korean cyber espionage.