North Korea’s cybercrime workers are taking their operations beyond the United States. They are targeting European companies that deal with blockchains. They are compelled to expand their operations because they are facing closer scrutiny in the United States. Some of them are currently working on projects in the United Kingdom. Google reports this growing threat.
They present themselves as genuine remote workers. They gain entry into companies and create revenue streams for their regime. Organizations that employ them risk espionage, data theft, and disruption. Google’s Threat Intelligence Group has been monitoring their growing activity throughout Europe.
Their modus operandi is also evolving. They are extorting employers and operating from corporate virtual infrastructure. They operate from various countries and are therefore an international threat.
DPRK IT workers target Europe after U.S. crackdown
DPRK cyber professionals cannot obtain employment in the United States. Public awareness and law enforcement actions bar them from doing so. Vetting procedures hold them back. They are now targeting employment opportunities in Europe. One worker forged 12 different identities to obtain employment in different sectors.
They forged qualifications and recruiter contacts. Impersonal profiles verified their identity. Researchers found North Korean IT staff operating from Germany and Portugal. They also discovered stolen login credentials from European job boards. North Koreans participated in various projects in the UK. Their skills range from web and bot development to CMS websites and blockchain. Some worked on advanced blockchain projects involving Solana and Rust smart contracts.
Moreover, they use fake names from Italy, Japan, and Ukraine. They find work on Upwork, Telegram, and Freelancer. They receive payments through cryptocurrencies and hidden financial services. Facilitators help them bypass identity verification and ensure payment. These facilitators operate in both the United States and Europe. In one case, a corporate laptop intended for New York was used in London.
DPRK IT workers threaten blockchain security
Researchers found forged resumes claiming Serbian university degrees and phony Slovakian addresses. A middleman who supplied counterfeit passports was implicated. An agent instructed an employee on how to blend in when job searching in Serbia. North Korean cyberworkers have also stepped up extortion since Oct. 2024. They extort employers, threatening to publish confidential information.
They sell proprietary code to competitors. Such growth follows recent moves from US authorities. Some businesses unwittingly enable these threats by allowing personal device usage through bring-your-own-device (BYOD) policies. Without security software, suspicious activity cannot be traced. Google states that DPRK IT personnel view BYOD environments as easy pickings. Their attacks are getting more sophisticated and are posing an ever-greater global threat.