
“The in-the-wild attacks successively targeted three European companies active in the defense sector,” researchers added. “Although their activities are somewhat diverse, these entities can be described as a metal engineering company (Southeastern Europe), a manufacturer of aircraft components (Central Europe), and a defense company (Central Europe).”
Meanwhile, imagery and reports indicate that North Korea is actively pursuing its own drone manufacturing capability, with Saetbyol-4 and Saetbyol-9 models that bear more than a passing resemblance to US equivalents, the blog noted. Theft of design data, manufacturing process know-how, and supply chain intelligence could accelerate Pyongyang’s UAV push.
ESET has provided downloadable IoCs (SHA-1 hashes, C2 domains, and IPs) and a GitHub repo with the full artifact set, and has mapped the campaign to MITRE ATT&CK techniques such as DLL side-loading (T1574.002), user execution (T1204.002), reflective code loading (T1620), process injection (T1055), and web protocol C2 (T1071.001). According to ESET researchers, defenders in the aerospace and UAV supply chain should ingest these IoCs, tune detections for the listed TTPs, and apply the containment and hunting steps described in the report.
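To make the "ingest these IoCs" step concrete, here is a small example added for this article (it is not ESET's tooling, and the indicators and log lines in it are constructed for illustration, not ESET's published ones). It assumes a plain-text feed with one indicator per line, `#` comments, and possibly defanged values (`[.]`, `hxxp`), classifies each entry as a SHA-1, IP, or domain, and then sweeps Sysmon-style, DNS, and proxy log lines for hits, including subdomains of a listed C2 domain.

```python
import ipaddress
import re
from dataclasses import dataclass, field

SHA1_RE = re.compile(r"\b[0-9a-f]{40}\b", re.IGNORECASE)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)

# Constructed feed in a common IoC-list shape. The values below are made up for
# this example; they are NOT indicators published by ESET.
CONSTRUCTED_IOC_FEED = """
# sha1
0a1b2c3d4e5f60718293a4b5c6d7e8f9a0b1c2d3
# domains (defanged)
update[.]example-cdn[.]test
# ips (defanged)
203[.]0[.]113[.]45
# a defanged URL; only its host is used as an indicator
hxxps://cdn.example-cdn.test/loader
"""

# Constructed log lines (a Sysmon-style process creation, a DNS query, a proxy
# CONNECT, and a benign DNS query). They do not come from any real incident.
CONSTRUCTED_LOG_LINES = [
    "EventID=1 Image=C:\\Users\\victim\\AppData\\Local\\Temp\\viewer.exe "
    "Hashes=SHA1=0A1B2C3D4E5F60718293A4B5C6D7E8F9A0B1C2D3",
    "2025-01-01T10:00:00Z dns query=www.update.example-cdn.test type=A",
    "2025-01-01T10:00:05Z proxy dst=203.0.113.45:443 method=CONNECT",
    "2025-01-01T10:01:00Z dns query=login.microsoftonline.com type=A",
]


def refang(indicator: str) -> str:
    """Undo common defanging so feed entries compare equal to what logs contain."""
    s = indicator.strip()
    s = re.sub(r"\[\.\]|\(\.\)|\{\.\}", ".", s)
    s = re.sub(r"^hxxp(s?)://", r"http\1://", s, flags=re.IGNORECASE)
    return s.lower()


@dataclass
class IocSet:
    sha1: set = field(default_factory=set)
    ips: set = field(default_factory=set)
    domains: set = field(default_factory=set)


def parse_ioc_feed(text: str) -> IocSet:
    """Classify each feed line as SHA-1, IP, or domain; URLs contribute their host."""
    iocs = IocSet()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        value = refang(line)
        if value.startswith(("http://", "https://")):
            value = value.split("://", 1)[1].split("/", 1)[0]  # keep host only
        if SHA1_RE.fullmatch(value):
            iocs.sha1.add(value)
            continue
        try:
            iocs.ips.add(str(ipaddress.ip_address(value)))
            continue
        except ValueError:
            pass
        if DOMAIN_RE.fullmatch(value):
            iocs.domains.add(value)
    return iocs


def _domain_and_parents(name: str):
    """Yield the name and each parent domain (stopping before the bare TLD)."""
    labels = name.split(".")
    for i in range(len(labels) - 1):
        yield ".".join(labels[i:])


def scan_log_lines(lines, iocs: IocSet):
    """Return (line_number, indicator_type, matched_indicator) for every hit."""
    hits = []
    for n, line in enumerate(lines, start=1):
        low = line.lower()
        for h in SHA1_RE.findall(low):
            if h in iocs.sha1:
                hits.append((n, "sha1", h))
        for ip in IPV4_RE.findall(low):
            if ip in iocs.ips:
                hits.append((n, "ip", ip))
        for d in DOMAIN_RE.findall(low):
            # A query for a subdomain of a listed C2 domain is still a hit.
            for candidate in _domain_and_parents(d):
                if candidate in iocs.domains:
                    hits.append((n, "domain", candidate))
                    break
    return hits


if __name__ == "__main__":
    feed = parse_ioc_feed(CONSTRUCTED_IOC_FEED)
    for hit in scan_log_lines(CONSTRUCTED_LOG_LINES, feed):
        print(hit)
```

Hash and IP matches are exact; domain matches walk up the label hierarchy so that `www.update.example-cdn.test` is caught by the listed `update.example-cdn.test`. In production you would feed the parsed sets into your SIEM's lookup tables rather than regex-scanning raw lines, but the normalization (refanging, lowercasing, host extraction from URLs) is the part most often skipped and the reason feed-based detections silently miss.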
