Thanks for sharing that link, Khushal! The ESET report on Lazarus targeting the UAV sector is pretty eye-opening—it's a reminder of how state-sponsored groups like them are expanding into niche industries like drones. From what I recall, they've been using social engineering and spear-phishing to infiltrate companies, often posing as recruiters or partners.
If anyone's dealing with sensitive tech sectors, double down on email verification and employee training. Have you seen similar threats in other industries lately?
The best way to avoid this attack is thinking about both the people and the tech. On the user's side, just be skeptical of any job offer that pops up out of nowhere, especially if it seems too good to be true. Don't reply. Go to the company's real website and see if the job is even real. You probably shouldn't be looking at job offers at work anyway.
For the tech side, and this is the main rule, never run an app some random recruiter sends you. I mean, don't open any "custom PDF readers" or "secure viewers" or whatever. If they make you use a specific tool, you go find the official website yourself and download it from there.
For the company, back this up with training on these "fake job" scams. And security tools (like EDR) should be set to block this stuff from running anyway.