Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Lazarus Group Operation DreamJob European defense drone-targeting campaign

Campaign
First reported
Last updated
Happening score
H score 33
1 unique sources, 1 articles

Summary

Hide ▲

In March 2025, Lazarus Group launched a new Operation DreamJob espionage phase against European defense firms involved in drone development, raising the risk of military and aerospace data theft. The attackers used fake job offers and trojanized PDF readers to install malware on victim systems. The targeting points to a focused push for UAV-related intelligence rather than opportunistic phishing.

Related Happenings

APT28 long-term espionage campaign targeting Ukrainian military personnel

Campaign
First: 10.03.2026 12:55 Last: 10.03.2026 12:55 Sources 1

About this happening: A **sustained APT28 espionage campaign** is using **BEARDSHELL** and **COVENANT** to surveil **Ukrainian military personnel**, extending access through **cloud-based C2** and incr...

Open Happening

UAT-10027 U.S. education and healthcare targeting campaign

Campaign
First: 26.02.2026 17:17 Last: 26.02.2026 17:17 Sources 1

About this happening: **UAT-10027** is running an active **campaign** against **U.S. education and healthcare organizations**, and the activity matters because it delivers a new backdoor and supporting...

Open Happening

BlueNoroff spear-phishing campaign uses typosquatted Zoom, Teams, and Calendly lures against crypto firms

Campaign
First: 11.02.2026 00:17 Last: 11.02.2026 00:17 Sources 1

About this happening: **BlueNoroff**, a **North Korea-linked Lazarus Group** subgroup, ran a **large-scale spear-phishing campaign** against **100+ cryptocurrency organizations** in **20+ countries** b...

Open Happening

RedKitten campaign targeting Iranian dissidents with forged shock lures

Campaign
First: 30.01.2026 13:55 Last: 30.01.2026 13:55 Sources 1

About this happening: The **RedKitten** campaign is spreading **SloppyMIO** malware in **Iran**, putting **NGOs** and people documenting protest-related human rights abuses at risk of surveillance and...

Open Happening

MuddyWater phishing campaign targeting Israeli entities with MuddyViper

Campaign
First: 02.12.2025 15:37 Last: 02.12.2025 15:37 Sources 1

About this happening: A **MuddyWater** phishing campaign is targeting **Israeli academia, government, industry, transport, and utilities**, and the operation matters because it is delivering the **Mudd...

Open Happening

Timeline

  1. 23.10.2025 16:30 2 articles · 7mo ago

    ESET discloses Lazarus Group Operation DreamJob campaign against European defense firms

    Initial Disclosure

    ESET attributed a March 2025 Operation DreamJob campaign to the North Korea-aligned Lazarus Group after it targeted three European defense firms involved in drone work, including a metal engineering company, an aircraft components manufacturer, and a defense contractor. The delivery chain used fake job offers, trojanized PDF readers, droppers and loaders disguised as legitimate software components, manipulated open-source projects from GitHub, and the ScoringMathTea RAT to steal sensitive military and aerospace data.

    Show sources
    Open in new tab