Cyber Resilience

Campaign · all campaigns

Operation Dream JobC0022 state

🇰🇵 KP · RGB · Bureau 121 / Lab 110

aka Operation Dream Job, Operation North Star, Operation Interception

Run by Lazarus Group

Last updated: 2026-07-03

3attributed CVEs
81ATT&CK techniques
10.7IDF score (tooling uniqueness)
1exclusive CVEs
2026years active

About this actor

[Operation Dream Job](https://attack.mitre.org/campaigns/C0022) was a cyber espionage operation likely conducted by [Lazarus Group](https://attack.mitre.org/groups/G0032) that targeted the defense, aerospace, government, and other sectors in the United States, Israel, Australia, Russia, and India. In at least one case, the cyber actors tried to monetize their network access to conduct a business email compromise (BEC) operation. In 2020, security researchers noted overlapping TTPs, to include fake job lures and code similarities, between [Operation Dream Job](https://attack.mitre.org/campaigns/C0022), Operation North Star, and Operation Interception; by 2022 security researchers described [Operation Dream Job](https://attack.mitre.org/campaigns/C0022) as an umbrella term covering both Operation Interception and Operation North Star.(Citation: ClearSky Lazarus Aug 2020)(Citation: McAfee Lazarus Jul 2020)(Citation: ESET Lazarus Jun 2020)(Citation: The Hacker News Lazarus Aug 2022)

Source: MITRE ATT&CK

Activity timeline

Profile

CVERiskCVSSEPSSPublishedProducts
CVE-2026-31635 5.57.50.00822026-04-24see CVE
CVE-2026-45585 3.56.80.01252026-05-20see CVE
CVE-2018-2025010 0.00.00.0000see CVE

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
SI-442 / 8152%
SI-333 / 8141%
CM-232 / 8140%
CM-632 / 8140%
CM-725 / 8131%
CA-724 / 8130%
SC-722 / 8127%
AC-319 / 8123%
AC-619 / 8123%
SI-719 / 8123%
AC-218 / 8122%
AC-418 / 8122%
SI-1015 / 8119%
SI-214 / 8117%
RA-513 / 8116%

Co-occurring actors

Similar actors

Overlapping CVEs

Same nation-state

Same category