Threat actors with documented ties to North Korea have launched a series of sophisticated cyberattacks, specifically targeting European companies within the defense industry. This ongoing operation, identified as Operation Dream Job, employs a deceptive tactic: luring defense engineers with fake job opportunities. The ultimate objective of these attacks is to illicitly acquire sensitive drone secrets and other critical proprietary information.

Operation Dream Job Targets UAV Sector

The campaign’s focus on companies heavily involved in the unmanned aerial vehicle (UAV) sector strongly indicates a strategic link to North Korea’s ambition to advance its own drone program. ESET security researchers Peter Kálnai and Alexis Rapin detailed these findings in a report shared with The Hacker News on October 23, 2025. The Slovak cybersecurity company stated it observed the campaign commencing in late March 2025. The end goal is to plunder proprietary information and manufacturing know-how, facilitated by specific malware families known as ScoringMathTea and MISTPEN.

Cyber Espionage Tactics Revealed

The targeted entities span various segments of the European defense sector. Examples include a metal engineering company located in Southeastern Europe, a prominent manufacturer of aircraft components in Central Europe, and a dedicated defense company also situated in Central Europe. These focused attacks underscore a persistent state-sponsored cyber espionage effort. The North Korean threat actors aim to steal critical technological advancements and industrial secrets essential for defense applications, particularly those related to UAV development and production capabilities.

This long-running campaign highlights the sophisticated methods employed by nation-state actors to achieve strategic military and technological advantages through persistent cyber espionage against vital industries.