An internal filename disguised in malicious code sent to three European defense companies has exposed a new North Korean espionage campaign that security researchers believe is aimed at stealing UAV technology needed by Pyongyang to rapidly modernize its drone arsenal.
An internal filename disguised in malicious code sent to three European defense companies has exposed a new North Korean espionage campaign that security researchers believe is aimed at stealing UAV technology needed by Pyongyang to rapidly modernize its drone arsenal.
According to ESET Research, the attacks, attributed to the notorious North Korean hacking group Lazarus, lasted from March to August 2025, The Cyber Express writes .
The timing of the attacks was not coincidental. North Korean soldiers were stationed in Russia on the Kursk Bulge at the time. Intelligence analysts believe that this combat experience likely strengthened North Korea’s determination to accelerate the development of its own UAV production capabilities.
The attacks were carried out by Lazarus using fake job offers. Employees of victim companies received Trojan PDF files and fake job vacancies, delivering the malware under the guise of official recruitment documents.
Three companies were affected: a metallurgical company from Southeastern Europe, an aircraft parts manufacturer, and a defense company from Central Europe. At least two of the victims are directly involved in drone technology. One of these companies supplies critical components for drones used in Ukraine.
