Blog Post

The Human Connection Blog

New CTI Lab: Lazarus Cyberespionage Campaign: Analysis

benhopkins
24 hours ago

Today, Immersive's Container 7 Research Team have released a CTI lab looking at North Korean state-sponsored activity against British and European targets.

In early November 2025, North Korean state-sponsored actor Lazarus was reported to have launched various attacks as part of a long-standing cyberespionage campaign linked to Operation DreamJob. Targets of the attacks include European organizations manufacturing unmanned aerial vehicles (UAV), aircraft component manufacturers, and a British industrial automation organization. The operational objective of Lazarus, and by extension North Korea, in these attacks is assessed with high confidence to be cyber espionage.

What is this about?

The attacks launched by Lazarus used a custom remote access trojan called ScoringMathTea RAT, which uses its own cipher system to obfuscate its code and conceal its functionality from analysts. The lab involves reverse engineering the malware and identifying indicators of compromise by breaking the cipher and using the result to determine what the malware is doing.

Why is this critical for you and your team?

North Korean cybercriminals and state-sponsored actors are highly skilled, persistent, and aggressive in the pursuit of the North Korean regime's objectives, and one of those objectives is stealing information from targets that can affect national security. Understanding how North Korean cyber operators conduct attacks, and understanding their tooling, is essential if analysts are to be better equipped to tackle these threats.

Who is the content for?

  • Malware Analysts and Reverse Engineers
  • SOC Analysts
  • Incident Responders
  • Threat Hunters
  • Tactical and Operational Cyber Threat Intelligence Analysts

Here is a link to the lab:

Published 24 hours ago
Version 1.0