• About Us
  • Privacy Policy
  • Disclaimer
  • Contact Us
AimactGrow
  • Home
  • Technology
  • AI
  • SEO
  • Coding
  • Gaming
  • Cybersecurity
  • Digital marketing
No Result
View All Result
  • Home
  • Technology
  • AI
  • SEO
  • Coding
  • Gaming
  • Cybersecurity
  • Digital marketing
No Result
View All Result
AimactGrow
No Result
View All Result

North Korean Hackers Lure Protection Engineers With Faux Jobs to Steal Drone Secrets and techniques

Admin by Admin
October 23, 2025
Home Cybersecurity
Share on FacebookShare on Twitter


Oct 23, 2025Ravie LakshmananCyber Espionage / Risk Intelligence

Risk actors with ties to North Korea have been attributed to a brand new wave of assaults focusing on European corporations lively within the protection trade as a part of a long-running marketing campaign often called Operation Dream Job.

“A few of these [companies’ are heavily involved in the unmanned aerial vehicle (UAV) sector, suggesting that the operation may be linked to North Korea’s current efforts to scale up its drone program,” ESET security researchers Peter Kálnai and Alexis Rapin said in a report shared with The Hacker News.

It’s assessed that the end goal of the campaign is to plunder proprietary information and manufacturing know-how using malware families such as ScoringMathTea and MISTPEN. The Slovak cybersecurity company said it observed the campaign starting in late March 2025.

DFIR Retainer Services

Some of the targeted entities include a metal engineering company in Southeastern Europe, a manufacturer of aircraft components in Central Europe, and a defense company in Central Europe.

While ScoringMathTea (aka ForestTiger) was previously observed by ESET in early 2023 in connection with cyber attacks targeting an Indian technology company and a defense contractor in Poland, MISTPEN was documented by Google Mandiant in September 2024 as part of intrusions aimed at companies in the energy and aerospace verticals. The first appearance of ScoringMathTea dates back to October 2022.

Operation Dream Job, first exposed by Israeli cybersecurity company ClearSky in 2020, is a persistent attack campaign mounted by a prolific North Korean hacking group dubbed Lazarus Group, which is also tracked as APT-Q-1, Black Artemis, Diamond Sleet (formerly Zinc), Hidden Cobra, TEMP.Hermit, and UNC2970. The hacking group is believed to be operational since at least 2009.

In these attacks, the threat actors leverage social engineering lures akin to Contagious Interview to approach prospective targets with lucrative job opportunities and trick them into infecting their systems with malware. The campaign also exhibits overlaps with clusters tracked as DeathNote, NukeSped, Operation In(ter)ception, and Operation North Star.

“The dominant theme is a lucrative but faux job offer with a side of malware: the target receives a decoy document with a job description and a trojanized PDF reader to open it,” ESET researchers said.

CIS Build Kits

The attack chain leads to the execution of a binary, which is responsible for sideloading a malicious DLL that drops ScoringMathTea as well as a sophisticated downloader codenamed BinMergeLoader, which functions similarly to MISTPEN and uses Microsoft Graph API and tokens to fetch additional payloads.

Alternate infection sequences have been found to leverage an unknown dropper to deliver two interim payloads, the first of which loads the latter, ultimately resulting in the deployment of ScoringMathTea, an advanced RAT that supports around 40 commands to take complete control over the compromised machines.

“For nearly three years, Lazarus has maintained a consistent modus operandi, deploying its preferred main payload, ScoringMathTea, and using similar methods to trojanize open-source applications,” ESET said. “This predictable, yet effective, strategy delivers sufficient polymorphism to evade security detection, even if it is insufficient to mask the group’s identity and obscure the attribution process.”

Tags: DefenseDroneEngineersFakehackersjobsKoreanLureNorthSecretsSteal
Admin

Admin

Next Post
Amazon’s $12 Studying Accent Is Extremely Rated And Excellent For Each Day Use

Amazon's $12 Studying Accent Is Extremely Rated And Excellent For Each Day Use

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended.

Automated Visible Regression Testing With Playwright

Automated Visible Regression Testing With Playwright

March 30, 2025
Shinobi: Artwork Of Vengeance Deal – Save On Steam Keys For A Restricted Time

Shinobi: Artwork Of Vengeance Deal – Save On Steam Keys For A Restricted Time

September 1, 2025

Trending.

Nsfw Chatgpt Options – Examples I’ve Used

Nsfw Chatgpt Options – Examples I’ve Used

October 13, 2025
ModeloRAT and Mistic Backdoor Exercise Linked to Ransomware Preliminary Entry Dealer

ModeloRAT and Mistic Backdoor Exercise Linked to Ransomware Preliminary Entry Dealer

June 24, 2026
Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Acquire Root Entry

Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Acquire Root Entry

June 25, 2026
Web Information Caps Defined: The right way to Keep away from Overages and Discover Limitless Plans

Web Information Caps Defined: The right way to Keep away from Overages and Discover Limitless Plans

September 23, 2025
Hijacked npm and Go Packages Use VS Code Duties to Deploy Python Infostealer

Hijacked npm and Go Packages Use VS Code Duties to Deploy Python Infostealer

June 29, 2026

AimactGrow

Welcome to AimactGrow, your ultimate source for all things technology! Our mission is to provide insightful, up-to-date content on the latest advancements in technology, coding, gaming, digital marketing, SEO, cybersecurity, and artificial intelligence (AI).

Categories

  • AI
  • Coding
  • Cybersecurity
  • Digital marketing
  • Gaming
  • SEO
  • Technology

Recent News

Important Zimbra Flaw Might Let Crafted Emails Run Malicious Code in Consumer Classes

Important Zimbra Flaw Might Let Crafted Emails Run Malicious Code in Consumer Classes

July 11, 2026
AI Visibility Rankings Aren’t Secure – New Analysis Reveals It is Largely Statistical Noise

AI Visibility Rankings Aren’t Secure – New Analysis Reveals It is Largely Statistical Noise

July 11, 2026
  • About Us
  • Privacy Policy
  • Disclaimer
  • Contact Us

© 2025 https://blog.aimactgrow.com/ - All Rights Reserved

No Result
View All Result
  • Home
  • Technology
  • AI
  • SEO
  • Coding
  • Gaming
  • Cybersecurity
  • Digital marketing

© 2025 https://blog.aimactgrow.com/ - All Rights Reserved