Lazarus Group Operation DreamJob European defense drone-targeting campaign
Campaign
Summary
Hide ▲
Show ▼
In March 2025, Lazarus Group launched a new Operation DreamJob espionage phase against European defense firms involved in drone development, raising the risk of military and aerospace data theft. The attackers used fake job offers and trojanized PDF readers to install malware on victim systems. The targeting points to a focused push for UAV-related intelligence rather than opportunistic phishing.
Related Happenings
Earth Lusca Operation FishMedley espionage campaign
Campaign
H score38
First: 16.06.2026 12:44
Last: 16.06.2026 12:44
Sources 1
About this happening:
A **multi-country espionage campaign** tied to **Earth Lusca / FishMonger** is now linked to **Operation FishMedley**, a **January–October 2022** effort that reached **seven organ...
Earth Lusca Operation FishMedley espionage campaign
CampaignAbout this happening: A **multi-country espionage campaign** tied to **Earth Lusca / FishMonger** is now linked to **Operation FishMedley**, a **January–October 2022** effort that reached **seven organ...
Contagious Interview UNK_DeadDrop GitHub phishing campaign
Campaign
H score37
First: 15.06.2026 22:32
Last: 15.06.2026 22:32
Sources 1
About this happening:
The **Contagious Interview** cluster is running the **UNK_DeadDrop** phishing campaign to lure developers with **recruitment** and **code review** themes, reaching **nearly 100 or...
Contagious Interview UNK_DeadDrop GitHub phishing campaign
CampaignAbout this happening: The **Contagious Interview** cluster is running the **UNK_DeadDrop** phishing campaign to lure developers with **recruitment** and **code review** themes, reaching **nearly 100 or...
UNK_DeadDrop developer phishing campaign using fake job and code-review lures
Campaign
H score30
First: 08.06.2026 18:00
Last: 08.06.2026 18:00
Sources 1
About this happening:
A **UNK_DeadDrop** phishing campaign sent **more than 250 emails** to software developers at **almost 100 organizations**, using fake job and code-review lures to steal **cryptocu...
UNK_DeadDrop developer phishing campaign using fake job and code-review lures
CampaignAbout this happening: A **UNK_DeadDrop** phishing campaign sent **more than 250 emails** to software developers at **almost 100 organizations**, using fake job and code-review lures to steal **cryptocu...
Operation Dragon Weave cyber-espionage campaign
Campaign
H score37
First: 01.06.2026 14:54
Last: 01.06.2026 14:54
Sources 1
About this happening:
The **Operation Dragon Weave** campaign is actively targeting **officials and citizens in the Czech Republic and Taiwan** with **spear-phishing ZIP attachments**. The infection ch...
Operation Dragon Weave cyber-espionage campaign
CampaignAbout this happening: The **Operation Dragon Weave** campaign is actively targeting **officials and citizens in the Czech Republic and Taiwan** with **spear-phishing ZIP attachments**. The infection ch...
APT28 long-term espionage campaign targeting Ukrainian military personnel
Campaign
H score32
First: 10.03.2026 12:55
Last: 10.03.2026 12:55
Sources 1
About this happening:
A **sustained APT28 espionage campaign** is using **BEARDSHELL** and **COVENANT** to surveil **Ukrainian military personnel**, extending access through **cloud-based C2** and incr...
APT28 long-term espionage campaign targeting Ukrainian military personnel
CampaignAbout this happening: A **sustained APT28 espionage campaign** is using **BEARDSHELL** and **COVENANT** to surveil **Ukrainian military personnel**, extending access through **cloud-based C2** and incr...
Timeline
-
23.10.2025 16:30 2 articles · 8mo ago
ESET discloses Lazarus Group Operation DreamJob campaign against European defense firms
Initial DisclosureESET attributed a March 2025 Operation DreamJob campaign to the North Korea-aligned Lazarus Group after it targeted three European defense firms involved in drone work, including a metal engineering company, an aircraft components manufacturer, and a defense contractor. The delivery chain used fake job offers, trojanized PDF readers, droppers and loaders disguised as legitimate software components, manipulated open-source projects from GitHub, and the ScoringMathTea RAT to steal sensitive military and aerospace data.
Show sources
- Lazarus Group’s Operation DreamJob Targets European Defense Firms — www.infosecurity-magazine.com — 23.10.2025 16:30
- Lazarus Group’s Operation DreamJob Targets European Defense Firms — www.infosecurity-magazine.com — 23.10.2025 16:30