As global cyber espionage campaigns intensify, ESET Nigeria warns that the defence, technology and critical infrastructure sectors in West Africa are becoming increasingly attractive targets for sophisticated threat actors.
This is when the company's Managing Director, Olufemi Eke, has urged organizations to prioritize cyber security awareness training as a core part of employee onboarding and operational processes.
His warning comes after new research findings from ESET, a global cyber security firm, have uncovered a new wave of cyber attacks linked to the notorious North Korea-aligned Lazarus Group. The campaign, called Operation Dreamjob, reportedly targeted several European defense contractors, particularly those involved in unmanned aerial vehicle (UAV) development and manufacturing.
According to ESET researchers, the Lazarus group used a mix of social engineering, trojanized GitHub projects, and a remote access tool (RAT) known as ScoringMathT to gain access to sensitive systems. Their suspected goal was the theft of intellectual property, design blueprints, and advanced drone technology that could be incorporated into North Korea's rapidly expanding UAV program.
While the attacks were concentrated in Europe, Eke said the developments underscore a global pattern that African nations cannot ignore. He stressed that growing digital interconnectivity, defense cooperation and emerging technology hubs in West Africa make the region an attractive destination for cybercriminals and state-sponsored actors seeking indirect access to global supply chains.
“This is an attractive area for cyber attacks. With increasing digital connectivity, expanding defense partnerships and the rise of multiple innovation hubs, individuals have become potential entry points for both direct cyber threats and indirect access to critical systems,” warned AK.
Also read: Meta deploys new technology and partnerships to secure online spaces in Nigeria
Akey said the risks extend beyond defense industries. They identified government agencies, engineering and technology firms, power and telecommunications operators, and financial institutions as areas of increased risk due to access to large data pools, strategic infrastructure, or proprietary technologies.
To mitigate these risks, the ESET Nigeria boss called for a strategic shift in the cybersecurity approach of organizations that focuses not only on technology but also human awareness.
“Cybersecurity awareness training should no longer be treated as an optional corporate practice. It should be an integral part of employee onboarding and continuous learning programs. Humans are the weakest link in the security chain, and cybercriminals exploit this through increasingly sophisticated social engineering techniques,” he said.
AK stressed the need for multi-layered security, including strong endpoint security, advanced threat detection systems, and regular system updates. But beyond technical security, he said, educating employees about phishing schemes, fraudulent job offers and data management best practices can significantly reduce the risk of threats like Operation DreamJob.
“Our defense systems are only as strong as the people operating them. Organizations that invest in their people through awareness and preparedness have a better chance of detecting and stopping attacks before they cause harm,” he said.
In a broad policy recommendation, AK urged West African governments to treat cybersecurity as a national security priority, integrated into the region's economic and digital transformation agenda.
He said, “As countries across the region continue their digital transformation journeys, cyber resilience must be given top priority. Achieving this will require regional cooperation, sustained awareness campaigns and long-term investment in cybersecurity capacity building to protect national interests, economic growth and public trust in digital systems.”
The latest ESET findings reinforce a trend that has worried security experts for years: the 'globalization of cyber conflict', where attacks in one continent can expose vulnerabilities in another. With defence, energy and financial networks increasingly interconnected, AK's message to African stakeholders is clear: cyber security readiness is not just a technical requirement but a strategic imperative.
