North Korean hackers target European defense companies with dream job scam

  • Lazarus Group used fake job offers to infect Southeastern European drone companies with malware
  • Attackers stole proprietary UAV data and deployed a RAT for full system control
  • Targeted drones are used in Ukraine; North Korea is developing similar aircraft

Infamous North Korean state-sponsored threat actors, Lazarus Group, have been targeting Southeastern European defense companies with their Operation DreamJob scams.

Security researchers at ESET say the goal of the attacks was to steal know-how and other proprietary information on unmanned aerial vehicles (UAVs) and drones.

Lazarus is known for its work in supporting North Korea’s weapons development program. This is usually done by attacking crypto companies, stealing money, and then using it to fund research and development. In this case, the operation is somewhat different, but the goal is the same.

ScoringMathTea

Operation DreamJob is Lazarus’ signature move. The group would create fake companies, fake personas, and fake jobs, and then reach out to their targets, offering lucrative positions.

People who take the bait are usually invited to multiple rounds of “job interviews” and trials, in which they’re asked to download PDF files, programs, apps, and code.

However, instead of actually completing any “trials”, the victims would simply be downloading malware.

ESET says the attacks took place at roughly the same time as North Korean soldiers were in Russia, assisting the Russian army in the Kursk region, which was in late 2024. At least three companies were breached, and information on how to build drones was stolen.

The researchers explained that North Korea is building drones of its own, and that many of the materials used in Eastern European drones are also used in North Korea. They also explained that many of the drones designed in Eastern Europe are being used in the Ukrainian war, which is why they were of particular interest to Lazarus.

After breaching their targets, the attackers would deploy ScoringMathTea, a remote access trojan (RAT) that grants full control over the compromised machine.

“We believe that it is likely that Operation DreamJob was – at least partially – aimed at stealing proprietary information, and manufacturing know-how, regarding UAVs. The drone mention observed in one of the droppers significantly reinforces this hypothesis,” says ESET researcher Peter Kálnai, who discovered and analyzed these latest Lazarus attacks.

“We have found evidence that one of the targeted entities is involved in the production of at least two UAV models that are currently employed in Ukraine, and which North Korea may have encountered on the front line. This entity is also involved in the supply chain of advanced single-rotor drones, a type of aircraft that Pyongyang is actively developing,” adds Alexis Rapin, ESET cyberthreat analyst.

Tech Insider