Futures

North Korean Lazarus Group Targets European Drone Makers with ScoringMathTea Malware in New Campaign, (from page 20251130.)

Summary

The North Korean hacking group Lazarus has targeted European drone manufacturers using malware called ScoringMathTea as part of its ongoing Operation DreamJob campaign. ESET researchers documented attempts to steal proprietary drone technology and manufacturing know-how from at least three companies in Central and Southeastern Europe. The fraudulent emails containing the malware mentioned drones, and at least one targeted a company involved in producing UAVs used in Ukraine. This aligns with reports of North Korean troops using reconnaissance drones in Russia against Ukraine. The ScoringMathTea malware, first traced back to 2022, has been linked to multiple cybersecurity breaches across various countries and industries. Overall, the Lazarus Group continues to use similar methods to execute phishing campaigns, which have drawn widespread scrutiny since 2020.

Signals

| name | description | change | 10-year | driving-force | relevancy |
| --- | --- | --- | --- | --- | --- |
| Increased Targeting of European Military Firms | North Korean hackers increasingly targeting defense contractors in Europe for sensitive information. | Shift from generic cyber attacks to focused threats against military manufacturing companies. | European defense sectors may face heightened cyber risks and need for robust security measures. | The escalating geopolitical tensions and military conflicts in Eastern Europe, particularly related to Ukraine. | 5 |
| Use of Sophisticated Malware in Cyber Espionage | Evidence of advanced malware like ScoringMathTea being used for information theft by state actors. | Transition from simple phishing attacks to complex cyber espionage involving targeted malware campaigns. | Cybersecurity measures will need to evolve, incorporating advanced detection and response strategies. | The increasing dependency of nations on technology for military strategies and operations. | 4 |
| Fake Job Offers as Cyber Attack Vectors | Hackers utilizing fake job offers as a lure for delivering malware to targets. | Emergence of new tactics in cyber attack methods, relying on social engineering rather than pure technical exploits. | Job recruitment platforms may implement stricter verification to combat misuse in cyber attacks. | The need for attackers to exploit human psychology and trust in online job markets. | 4 |
| Operational Coordination between North Korea and Russia | Allegations of North Korean troops assisting Russian forces with drones in Ukraine. | Potential shift in military collaboration between North Korea and Russia amidst the Ukraine conflict. | North Korea could gain tactical advantages and improve its military capabilities via Russian collaboration. | The ongoing complexities and alliances formed in response to international military conflicts. | 3 |

Concerns

| name | description |
| --- | --- |
| Cybersecurity Threats from State-Sponsored Hacking | North Korea’s Lazarus group targeting European defense companies highlights increasing state-sponsored cyber assaults on critical industries. |
| Proliferation of Malware | The presence of ScoringMathTea malware poses risks to businesses worldwide, leading to potential data breaches and espionage. |
| Supply Chain Vulnerabilities in Defense Sector | Attacks on companies involved in military equipment supply chains could weaken national defense capabilities amid geopolitical tensions. |
| Use of Reconnaissance Drones by Enemy Forces | Integration of North Korean drone operators with Russian military operations raises concerns about battlefield intelligence on Ukraine. |
| Manipulation through Fake Job Offers | Malicious recruitment tactics may exploit job seekers and employees, increasing vulnerabilities to corporate espionage. |

Behaviors

| name | description |
| --- | --- |
| Targeted Cyber Espionage | Hacking groups are increasingly targeting specific industries, such as defense, to steal sensitive information and technology. |
| Sophisticated Phishing Techniques | Utilization of fake job offers and malware-laden emails to infiltrate organizations and access proprietary information. |
| Integration of Military Intelligence | Hacking operations align with military objectives, gathering intelligence to support frontline operations in ongoing conflicts. |
| Exploitation of Supply Chains | Targeting companies involved in manufacturing for advanced military technologies to enhance domestic capabilities. |
| Long-Term Campaign Strategies | Consistent engagement in prolonged cyber campaigns to gather intelligence and compromise multiple organizations over time. |
| Adaptive Threat Methods | Continuous evolution of tactics and payloads used by hacking groups to evade detection and improve success rates. |

Technologies

| name | description |
| --- | --- |
| ScoringMathTea malware | A new type of malware utilized by North Korean hackers to steal information and control infected systems, typically distributed through fake job offers. |
| Unmanned Aerial Vehicles (UAV) technology | Advanced technologies related to drones that are being developed for military applications, particularly in conflict zones like Ukraine. |

Issues

| name | description |
| --- | --- |
| North Korean Cyber Warfare | Increased sophistication and targeting of cyber warfare by North Korean hacker groups against European defense sectors. |
| Drone Technology and Cybersecurity Risks | The vulnerability of drone manufacturers to cyber attacks highlighting the intersection of advanced technology and national security threats. |
| Operation DreamJob Campaign | Long-running malware attacks using fake job offers, evolving tactics by North Korean hackers for information theft. |
| Supply Chain Vulnerability | Increased risks to the supply chain of military technology due to cyber espionage by state actors. |
| Geopolitical Implications of Cyber Espionage | Cyber espionage activities influencing the dynamics of international conflicts, particularly in the context of Ukraine. |
| Employment-related Cyber Threats | Increasing use of employment scams as a vector for cyber attacks, posing risks to job seekers and companies alike. |