DreamJob

Campaign updated 7 months ago (2024-05-04T18:00:47.561Z)
"DreamJob" is a highly sophisticated and lucrative campaign led by the infamous Lazarus Group, a North Korea-aligned cybercriminal entity. The operation, first identified in a blog post by ClearSky in August 2020, targets defense and aerospace companies with an objective of cyberespionage. The group uses social engineering tactics, specifically deploying fake job offers as lures to compromise its targets. In the past, these attacks have resulted in significant financial gains for the group, including the theft of $620 million from Axie Infinity.

Recently, ESET researchers have discovered a new Lazarus Operation DreamJob campaign targeting Linux users, marking the first time this demographic has been targeted in such a campaign. This new campaign, dubbed "Operation DreamJob with a Linux payload," uses an HSBC-themed lure and a Linux component named SimplexTea. The attack typically starts with a LinkedIn message from a Lazarus actor pretending to be a recruiter from Meta (formerly Facebook), named Steve Dawson. The payload is likely distributed through spearphishing or direct messages on LinkedIn.

The Lazarus Group's activities are not solely financially motivated. The recent discovery underscores that the group's campaigns also encompass espionage objectives. This was evident in the group's attack in Spain, which security experts attribute to Operation DreamJob with a high level of confidence. Similarities with newly discovered Linux malware used in Operation DreamJob corroborate the theory that the Lazarus Group was behind the 3CX supply-chain attack.
Description last updated: 2024-05-04T18:00:47.516Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias: Operation Dreamjob
Description: Operation Dreamjob is a possible alias for DreamJob. Operation DreamJob is a campaign attributed to the Lazarus group, a North Korea-aligned group infamous for its cyberespionage and financial theft activities. The campaign was first coined in a blog post by ClearSky in August 2020, where it described Lazarus' attempts to target defense and aerospace
Votes: 3
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Linux
3cx
Operation Dr...
Apt
Associated Threat Actors
Alias: The Lazarus Group
Description: The Lazarus Group Threat Actor is associated with DreamJob. The Lazarus Group, a notorious North Korean state-sponsored threat actor, is among the most prolific and dangerous cyber threat actors in operation. The group has been involved in several high-profile cyber-attacks, including Operation DreamJob in Spain, with the primary objective of funding North K
Association Type: Unspecified
Votes: 3