Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Watchlists Beta Browse News Feed Stats About Contact

Operation Dream Job North Korea-linked campaign targeting European defense companies

Campaign
First reported
Last updated
Happening score
H score 32
1 unique sources, 1 articles

Summary

Hide ▲

Operation Dream Job has entered a new wave of attacks against European defense companies, raising the risk of theft of proprietary information and manufacturing know-how. The operation is linked to North Korea and has been active since late March 2025. Attackers are using fake job offers and malware-laced lures to reach targets. The activity is especially relevant to companies involved in the UAV/drone sector.

Related Happenings

Operation Dragon Weave cyber-espionage campaign

Campaign
H score37 First: 01.06.2026 14:54 Last: 01.06.2026 14:54 Sources 1

About this happening: The **Operation Dragon Weave** campaign is actively targeting **officials and citizens in the Czech Republic and Taiwan** with **spear-phishing ZIP attachments**. The infection ch...

Open Happening

Webworm multi-country targeting campaign against government and enterprise victims

Campaign
H score38 First: 20.05.2026 15:51 Last: 20.05.2026 15:51 Sources 1

About this happening: **Webworm** is running a **multi-country targeting campaign** against **government agencies and enterprises**, expanding the risk of persistent access across several regions. The...

Open Happening

APT28 long-term espionage campaign targeting Ukrainian military personnel

Campaign
H score32 First: 10.03.2026 12:55 Last: 10.03.2026 12:55 Sources 1

About this happening: A **sustained APT28 espionage campaign** is using **BEARDSHELL** and **COVENANT** to surveil **Ukrainian military personnel**, extending access through **cloud-based C2** and incr...

Open Happening

North Korean stolen-identity IT job campaign against U.S. companies

Campaign
H score38 First: 20.02.2026 11:00 Last: 20.02.2026 11:00 Sources 1

About this happening: A **North Korea-linked** IT-worker campaign used **stolen identities** and **proxy accounts** to fraudulently place remote workers at **40 U.S. companies**, creating unauthorized...

Open Happening

Evasive Panda DNS poisoning MgBot espionage campaign

Campaign
H score33 First: 26.12.2025 16:44 Last: 26.12.2025 16:44 Sources 1

About this happening: **Evasive Panda** ran a **highly targeted cyber espionage campaign** that used **DNS poisoning** to deliver **MgBot** to victims in **Türkiye, China, and India**. The operation wa...

Open Happening

Timeline

  1. 23.10.2025 18:29 2 articles · 7mo ago

    North Korea-linked Operation Dream Job wave against European defense companies

    Initial Disclosure

    North Korea-linked threat actors associated with Lazarus Group targeted European defense companies in a new wave of Operation Dream Job activity, using fake job offers, a decoy document with a job description, and a trojanized PDF reader to deliver ScoringMathTea and MISTPEN while pursuing proprietary information and manufacturing know-how, including targets in the UAV sector.

    Show sources
    Open in new tab