Lazarus hacking group infiltrates European drone manufacturers to steal intelligence

Lazarus Group, a notorious cybercrime organization believed to be backed by North Korea’s intelligence agencies, has reportedly launched a sustained cyber-espionage campaign targeting drone manufacturers across Europe.

The group’s objective is to steal highly sensitive proprietary information related to unmanned aerial vehicle (UAV) technology, including drone designs, operational systems, and manufacturing processes. This stolen intelligence is expected to help North Korean defense manufacturers accelerate the development of advanced drone technologies within the region.

The campaign is believed to have been initiated after North Korean leader Kim Jong Un observed the growing strategic importance of drones in modern warfare, particularly during the ongoing conflict between Ukraine and Russia.

The extensive use of UAVs for surveillance, reconnaissance, and precision strikes reportedly highlighted the technological gap North Korea seeks to close. Rather than pursuing conventional research and development routes, the regime allegedly turned to cyber-espionage as a faster and less transparent alternative.

To carry out this mission, the Lazarus Group—also known as “Hidden Cobra”—launched a coordinated hacking effort dubbed Operation DreamJob in March 2025. This operation specifically targeted companies involved in the development of unmanned aerial systems and related technologies across Central and Southern Europe. Many of these firms operate within the aerospace and defense sectors, making them high-value targets for foreign intelligence collection.

Security researchers analyzing the campaign revealed that the attackers employed a combination of phishing, malware delivery, and vishing (voice-based phishing) techniques. Employees holding senior or technically significant roles were contacted through carefully crafted emails and fake recruitment offers, which appeared legitimate on the surface. Once engaged, victims were tricked into downloading malware or disclosing login credentials, allowing attackers to gain unauthorized access to internal corporate networks.

Through these intrusions, hackers were able to collect sensitive data, including internal documents, engineering schematics, and operational insights. Experts estimate that at least three European drone manufacturers fell victim to these phishing attacks beginning in April 2024. However, the breaches went undetected for several months, with affected companies reportedly discovering the compromises only by October 2025.

According to intelligence assessments, North Korea achieved a degree of success through Operation DreamJob. Stolen data is believed to include technical material related to combat drones comparable in capability to the MQ-9 Reaper and the RQ-4 Global Hawk—advanced UAV platforms that have played significant roles in surveillance and combat operations observed during the Kyiv–Moscow conflict.

The incident underscores the growing threat of state-sponsored cyber espionage and highlights the urgent need for stronger cybersecurity defenses within Europe’s aerospace and defense industries.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security
