ESET Research has uncovered a fresh wave of cyberespionage attacks linked to North Korea-aligned Lazarus Group, targeting several European companies in the defence sector, particularly those involved in unmanned aerial vehicle (UAV) technology.
The campaign, tracked under the codename Operation DreamJob, reportedly began in late March 2025 and used sophisticated social engineering tactics, including fake job offers and trojanized open-source projects, to infiltrate systems.
According to ESET, the attackers deployed ScoringMathTea, a remote access trojan (RAT) that grants full control over compromised machines.
The malware, first seen in late 2022, has become a staple in Lazarus operations.
Three companies were targeted:
– A metal engineering firm in Southeastern Europe,
– An aircraft component manufacturer in Central Europe,
– A defence company also based in Central Europe.
ESET researchers believe the primary objective was to steal proprietary information and manufacturing know-how, especially related to drone technology.
The targeted firms produce military equipment currently deployed in Ukraine, reinforcing suspicions of geopolitical motives.
Responding to the findings, Olufemi Ake, Managing Director of ESET Nigeria, warned of growing vulnerabilities in West Africa’s defence ecosystem.
“With increasing digital connectivity and expanding defence partnerships, our region is becoming an attractive target for cyberattacks,” Ake said.
He identified high-risk sectors including government agencies, engineering and technology firms, critical infrastructure operators, and the defence and media industries.
To mitigate threats, Ake urged organisations to integrate cybersecurity awareness into onboarding, deploy robust device protection, and adopt advanced threat detection systems.
He also called on West African governments to prioritise cybersecurity as a strategic imperative.
“Cyber resilience must be at the forefront of national agendas,” Ake said. “This requires regional collaboration, sustained awareness campaigns, and long-term investment in cybersecurity capacity-building.”
