Operation DreamJob hits Europe’s UAV supply chain: What DFIR teams need to collect, hunt, and block
ESET documented a late-March through mid-2025 surge of Operation DreamJob activity attributed to North Korea-aligned Lazarus, targeting multiple European defense companies - including firms that build UAV components and UAV software - to steal proprietary designs and manufacturing know-how. Initial access relied on classic “dream job” lures and trojanized readers/loaders; later stages delivered ScoringMathTea, a Lazarus RAT with ~40 commands. ESET links the focus on UAV know-how to North Korea’s push to scale its domestic drone program. (ESET WeLiveSecurity). (welivesecurity.com)