Operation Dreamjob

Campaign updated: 2024-05-04T16:53:34.845Z
Operation DreamJob is a campaign attributed to the Lazarus group, a North Korea-aligned group infamous for its cyberespionage and financial theft activities. The campaign name was first coined in a blog post by ClearSky in August 2020, which described Lazarus' attempts to target defense and aerospace companies for cyberespionage purposes. The campaign involves reaching out to potential targets through LinkedIn, posing as recruiters from industry leaders, and luring them with attractive job offers. This method of operation underscores that the Lazarus group's objectives are not solely financial but also include espionage goals.

ESET researchers discovered a new Lazarus Operation DreamJob campaign targeting Linux users. The Linux component of this campaign was named SimplexTea, and it is used to compromise unsuspecting victims who fall for the fake job offers. This discovery corroborates the theory that the Lazarus group was behind the 3CX supply-chain attack, as similarities were found between that attack and the newly discovered Linux malware used in Operation DreamJob. To initiate the attack, the Lazarus actor would typically pretend to be a recruiter from Meta (formerly Facebook) named Steve Dawson.

The Operation DreamJob campaign has been linked with high confidence to several attacks, including one in Spain. The campaign has also been known under other names such as DeathNote or NukeSped. Security vendors such as ESET have been actively tracking the campaign, providing valuable insights into the Lazarus group's tactics. With this information now public, companies are better equipped to identify compromises and contain incidents related to this campaign.
Description last updated: 2024-05-04T16:53:34.302Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| Alias Description | Votes |
| --- | --- |
| DreamJob is a possible alias for Operation Dreamjob. "DreamJob" is a highly sophisticated and lucrative campaign led by the infamous Lazarus Group, a North Korea-aligned cybercriminal entity. The operation, first identified in a blog post by ClearSky in August 2020, targets defense and aerospace companies with an objective of cyberespionage. The group | 3 |
| Lazarus Group is a possible alias for Operation Dreamjob. The Lazarus Group, a notorious North Korean state-sponsored threat actor, is among the most prolific and dangerous cyber threat actors in operation. The group has been involved in several high-profile cyber-attacks, including Operation DreamJob in Spain, with the primary objective of funding North K | 3 |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
DreamJob
Linux
Malware
3CX
APT
ESET
Espionage