Operation Dream Job North Korea-linked campaign targeting European defense companies
Campaign
Summary
Hide ▲
Show ▼
Operation Dream Job has entered a new wave of attacks against European defense companies, raising the risk of theft of proprietary information and manufacturing know-how. The operation is linked to North Korea and has been active since late March 2025. Attackers are using fake job offers and malware-laced lures to reach targets. The activity is especially relevant to companies involved in the UAV/drone sector.
Related Happenings
Webworm multi-country targeting campaign against government and enterprise victims
Campaign
First: 20.05.2026 15:51
Last: 20.05.2026 15:51
Sources 1
About this happening:
**Webworm** is running a **multi-country targeting campaign** against **government agencies and enterprises**, expanding the risk of persistent access across several regions. The...
Webworm multi-country targeting campaign against government and enterprise victims
CampaignAbout this happening: **Webworm** is running a **multi-country targeting campaign** against **government agencies and enterprises**, expanding the risk of persistent access across several regions. The...
APT28 long-term espionage campaign targeting Ukrainian military personnel
Campaign
First: 10.03.2026 12:55
Last: 10.03.2026 12:55
Sources 1
About this happening:
A **sustained APT28 espionage campaign** is using **BEARDSHELL** and **COVENANT** to surveil **Ukrainian military personnel**, extending access through **cloud-based C2** and incr...
APT28 long-term espionage campaign targeting Ukrainian military personnel
CampaignAbout this happening: A **sustained APT28 espionage campaign** is using **BEARDSHELL** and **COVENANT** to surveil **Ukrainian military personnel**, extending access through **cloud-based C2** and incr...
North Korean stolen-identity IT job campaign against U.S. companies
Campaign
First: 20.02.2026 11:00
Last: 20.02.2026 11:00
Sources 1
About this happening:
A **North Korea-linked** IT-worker campaign used **stolen identities** and **proxy accounts** to fraudulently place remote workers at **40 U.S. companies**, creating unauthorized...
North Korean stolen-identity IT job campaign against U.S. companies
CampaignAbout this happening: A **North Korea-linked** IT-worker campaign used **stolen identities** and **proxy accounts** to fraudulently place remote workers at **40 U.S. companies**, creating unauthorized...
Evasive Panda DNS poisoning MgBot espionage campaign
Campaign
First: 26.12.2025 16:44
Last: 26.12.2025 16:44
Sources 1
About this happening:
**Evasive Panda** ran a **highly targeted cyber espionage campaign** that used **DNS poisoning** to deliver **MgBot** to victims in **Türkiye, China, and India**. The operation wa...
Evasive Panda DNS poisoning MgBot espionage campaign
CampaignAbout this happening: **Evasive Panda** ran a **highly targeted cyber espionage campaign** that used **DNS poisoning** to deliver **MgBot** to victims in **Türkiye, China, and India**. The operation wa...
MuddyWater phishing campaign targeting Israeli entities with MuddyViper
Campaign
First: 02.12.2025 15:37
Last: 02.12.2025 15:37
Sources 1
About this happening:
A **MuddyWater** phishing campaign is targeting **Israeli academia, government, industry, transport, and utilities**, and the operation matters because it is delivering the **Mudd...
MuddyWater phishing campaign targeting Israeli entities with MuddyViper
CampaignAbout this happening: A **MuddyWater** phishing campaign is targeting **Israeli academia, government, industry, transport, and utilities**, and the operation matters because it is delivering the **Mudd...
Timeline
-
23.10.2025 18:29 2 articles · 7mo ago
North Korea-linked Operation Dream Job wave against European defense companies
Initial DisclosureNorth Korea-linked threat actors associated with Lazarus Group targeted European defense companies in a new wave of Operation Dream Job activity, using fake job offers, a decoy document with a job description, and a trojanized PDF reader to deliver ScoringMathTea and MISTPEN while pursuing proprietary information and manufacturing know-how, including targets in the UAV sector.
Show sources
- North Korean Hackers Lure Defense Engineers With Fake Jobs to Steal Drone Secrets — thehackernews.com — 23.10.2025 18:29
- North Korean Hackers Lure Defense Engineers With Fake Jobs to Steal Drone Secrets — thehackernews.com — 23.10.2025 18:29