lazarusholic


Gotta fly: Lazarus targets the UAV sector

2025-10-23, ESET
https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/
#DreamJob #Lazarus #ScoringMathTea

Contents

ESET researchers have recently observed a new instance of Operation DreamJob – a campaign that we track under the umbrella of North Korea-aligned Lazarus – in which several European companies active in the defense industry were targeted. Some of these are heavily involved in the unmanned aerial vehicle (UAV) sector, suggesting that the operation may be linked to North Korea’s current efforts to scale up its drone program. This blogpost discusses the broader geopolitical implications of the campaign, and provides a high-level overview of the toolset used by the attackers.

Key points of this blogpost:
- Lazarus attacks against companies developing UAV technology align with recently reported developments in the North Korean drone program.
- The suspected primary goal of the attackers was likely the theft of proprietary information and manufacturing know-how.
- Based on the social-engineering technique used for initial access, trojanizing open-source projects from GitHub, and the deployment of ScoringMathTea, we consider …

IoC
