Gotta fly: Targeting the UAV sector

Nov. 10, 2025, 12:06 p.m.

Description

ESET researchers have uncovered a new instance of Operation DreamJob, a cyberespionage campaign attributed to the North Korea-aligned Lazarus group. The attackers targeted European companies in the defense industry, particularly those involved in unmanned aerial vehicle (UAV) technology. The campaign aligns with North Korea's efforts to enhance its drone program, likely aiming to steal proprietary information and manufacturing know-how. The attackers used social engineering techniques, trojanized open-source projects, and deployed the ScoringMathTea RAT. The toolset included various droppers, loaders, and downloaders, with execution chains delivering BinMergeLoader and ScoringMathTea. The campaign's focus on UAV technology reflects North Korea's investment in drone manufacturing and its reliance on reverse engineering and intellectual property theft.

External References

https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/
https://otx.alienvault.com/pulse/6910193940d4cd48acfd0529
Tags
social engineering
north korea
cyberespionage
defense industry
trojanized software
scoringmathtea
quanpinloader
operation dreamjob
2025-11-09
uav
binmergeloader

Date

  • Created: Nov. 9, 2025, 4:31 a.m.
  • Published: Nov. 9, 2025, 4:31 a.m.
  • Modified: Nov. 10, 2025, 12:06 p.m.

Attack Patterns

  • QuanPinLoader
  • BinMergeLoader
  • ScoringMathTea
  • Lazarus

Additional Informations

  • Aerospace
  • Defense
  • Manufacturing