ESET researchers have uncovered a new instance of Operation DreamJob, a cyberespionage campaign attributed to the North Korea-aligned Lazarus group. The attackers targeted European companies in the defense industry, particularly those involved in unmanned aerial vehicle (UAV) technology. The campaign aligns with North Korea's efforts to enhance its drone program, likely aiming to steal proprietary information and manufacturing know-how. The attackers used social engineering techniques, trojanized open-source projects, and deployed the ScoringMathTea RAT. The toolset included various droppers, loaders, and downloaders, with execution chains delivering BinMergeLoader and ScoringMathTea. The campaign's focus on UAV technology reflects North Korea's investment in drone manufacturing and its reliance on reverse engineering and intellectual property theft.