CyberWatch Weekly: Latest Global Cybersecurity Threats and Espionage Campaigns Unfolding

Cyberattacks are increasingly targeting strategic sectors worldwide, from defense firms in Europe to businesses in Japan. Recent campaigns, leveraging advanced malware, social engineering, and AI-powered tools, highlight how threat actors are scaling their operations and exploiting vulnerabilities. From fake job offers to automated spearphishing, attackers are infiltrating networks to steal sensitive data and intellectual property. While specific incidents vary by region, the underlying tactics emphasize the growing sophistication of cyber threats. Here’s a look at this week’s top headlines in cybersecurity and the key takeaways for organizations.

North Korean Hackers Target European Drone Firms in Operation Dream Job Cyber Campaign

Recent cyberattacks on European defense and aerospace firms indicate an intensified interest by North Korea in acquiring advanced drone technology. Researchers at Eset attribute the intrusions to the Lazarus Group, likely motivated by Pyongyang’s desire to develop unmanned aerial vehicles (UAVs) for military purposes, including reconnaissance missions in Ukraine. The breaches, beginning in late March, exploited social engineering tactics such as fake job offers, which delivered malware like ScoringMathTea, a remote-access trojan enabling attackers to control compromised systems. Targets included a metal engineering company, an aircraft component manufacturer, and two UAV developers. Analysts say these campaigns replicate previous Operation Dream Job attacks, where malware is disguised in decoy documents sent to unsuspecting employees.

Cybersecurity experts advise firms in UAV and defense sectors to implement strict email filtering, multi-factor authentication, employee awareness training, endpoint protection, and real-time monitoring of network activity to prevent unauthorized access and safeguard sensitive intellectual property. Proactive threat intelligence sharing is also recommended to mitigate the risk of future espionage.

Source: InfoRiskToday

AI-Optimized Cybercrime Targets Japan’s Businesses, Ransomware and Phishing on the Rise

Japan is experiencing a surge in AI-accelerated cybercrime, with attackers leveraging artificial intelligence to scale operations and increase attack precision. CrowdStrike’s 2025 Asia-Pacific report highlights Japan, India, and Australia as top targets, with many threats traced to Chinese-speaking cybercriminals operating through underground marketplaces. Attacks have ranged from AI-driven phishing campaigns to ransomware and fraudulent trading schemes on Japanese securities platforms, impacting firms like Rakuten and SBI Securities. Threat actors exploit compromised credentials, malware, and social engineering tactics to infiltrate systems, often using automated spearphishing to reach thousands of employees. Businesses remain vulnerable due to weak passwords, reused credentials, and human error.

Experts recommend strengthening defenses through AI-assisted threat detection, multi-factor authentication, continuous employee awareness training, secure password policies, and collaboration across sectors. Rapid patching of vulnerabilities, monitoring anomalous activity, and proactive intelligence sharing are crucial for mitigating future attacks.

Source: The Japan Times

North Korean Hackers Target European Defense Firms to Steal Drone Technology

European defense companies, including firms developing unmanned aerial vehicles (UAVs), have been targeted in a sophisticated cyberespionage campaign linked to North Korea’s Lazarus Group. Researchers tracking the attacks under Operation DreamJob suggest Pyongyang aims to acquire proprietary information and manufacturing know-how to accelerate its domestic drone program, influenced by lessons from the Russia-Ukraine conflict. The attacks began with social engineering tactics, such as fake job offers, prompting employees to open trojanized documents and download malware like ScoringMathTea. Once inside networks, attackers gained full control over systems, exfiltrated sensitive data, and used compromised servers for command-and-control communication. Indicators, including DLLs referencing drones, point to a specific interest in UAV designs currently deployed in Ukraine.

Experts advise companies to strengthen cybersecurity through multi-layered defenses, continuous monitoring, and employee training. Measures such as phishing-resistant authentication, supply chain validation, and network segmentation can reduce exposure to similar attacks. Proactive threat monitoring and intelligence sharing are essential to safeguard critical intellectual property and prevent cyberespionage from compromising strategic technological assets.

Source: WeLiveSecurity

Conclusion

Rising cyber threats underscore the importance of proactive defense, continuous monitoring, and employee awareness. From state-backed espionage to AI-optimized attacks, organizations must adopt layered security measures and share intelligence across sectors. Staying alert and prepared remains essential as cybercrime evolves.

Stay vigilant and informed, tune in next week for more updates in InfosecTrain’s CyberWatch Weekly!