Find notable cyber news and cases, enriched with sources, timelines, and signals.

Lazarus Group Operation DreamJob European defense drone-targeting campaign

Campaign
First reported
Last updated
Happening score
H score 29
1 unique sources, 1 articles

Summary

Hide ▲

In March 2025, Lazarus Group launched a new Operation DreamJob espionage phase against European defense firms involved in drone development, raising the risk of military and aerospace data theft. The attackers used fake job offers and trojanized PDF readers to install malware on victim systems. The targeting points to a focused push for UAV-related intelligence rather than opportunistic phishing.

Related Happenings

Earth Lusca Operation FishMedley espionage campaign

Campaign
H score38 First: 16.06.2026 12:44 Last: 16.06.2026 12:44 Sources 1

About this happening: A **multi-country espionage campaign** tied to **Earth Lusca / FishMonger** is now linked to **Operation FishMedley**, a **January–October 2022** effort that reached **seven organ...

Contagious Interview UNK_DeadDrop GitHub phishing campaign

Campaign
H score37 First: 15.06.2026 22:32 Last: 15.06.2026 22:32 Sources 1

About this happening: The **Contagious Interview** cluster is running the **UNK_DeadDrop** phishing campaign to lure developers with **recruitment** and **code review** themes, reaching **nearly 100 or...

UNK_DeadDrop developer phishing campaign using fake job and code-review lures

Campaign
H score30 First: 08.06.2026 18:00 Last: 08.06.2026 18:00 Sources 1

About this happening: A **UNK_DeadDrop** phishing campaign sent **more than 250 emails** to software developers at **almost 100 organizations**, using fake job and code-review lures to steal **cryptocu...

Operation Dragon Weave cyber-espionage campaign

Campaign
H score37 First: 01.06.2026 14:54 Last: 01.06.2026 14:54 Sources 1

About this happening: The **Operation Dragon Weave** campaign is actively targeting **officials and citizens in the Czech Republic and Taiwan** with **spear-phishing ZIP attachments**. The infection ch...

APT28 long-term espionage campaign targeting Ukrainian military personnel

Campaign
H score32 First: 10.03.2026 12:55 Last: 10.03.2026 12:55 Sources 1

About this happening: A **sustained APT28 espionage campaign** is using **BEARDSHELL** and **COVENANT** to surveil **Ukrainian military personnel**, extending access through **cloud-based C2** and incr...

Timeline

  1. 23.10.2025 16:30 2 articles · 8mo ago

    ESET discloses Lazarus Group Operation DreamJob campaign against European defense firms

    Initial Disclosure

    ESET attributed a March 2025 Operation DreamJob campaign to the North Korea-aligned Lazarus Group after it targeted three European defense firms involved in drone work, including a metal engineering company, an aircraft components manufacturer, and a defense contractor. The delivery chain used fake job offers, trojanized PDF readers, droppers and loaders disguised as legitimate software components, manipulated open-source projects from GitHub, and the ScoringMathTea RAT to steal sensitive military and aerospace data.

    Show sources