Google's investigation reveals that North Korean IT workers are expanding around the world to illegally obtain jobs at companies in the face of US sanctions

Research from the Google Threat Intelligence Group has found that North Korean IT workers are infiltrating companies around the world to benefit the North Korean government, using false identities and working as remote workers.
DPRK IT Workers Expanding in Scope and Scale | Google Cloud Blog
North Korean IT worker army expands operations in Europe
https://www.bleepingcomputer.com/news/security/north-korean-it-worker-army-expands-operations-in-europe/
According to Google, North Korean IT workers are operating across multiple countries and are now a global threat. The main target is still the United States, but in recent months it has become more difficult for North Korean workers to operate there. This is thought to be because public perception of the threat has changed following reports that North Korean workers are infiltrating the country.
Remote workers hired by security companies were actually North Korean hackers - GIGAZINE

Perhaps because their activities in the United States have been hindered, North Korean workers are expanding in Europe and Asia.
According to Google, people have been found in various locations who help North Korean IT workers get jobs, bypass identity checks, and receive illegal funds, and workers are being recruited in various countries through services such as Upwork and Telegram.
A Google investigation into the infrastructure used by the suspected actors revealed a particular interest in Europe: it included fabricated resumes listing degrees from the University of Belgrade in Serbia and residences in Slovakia, as well as contact details for brokers specializing in fake passports, suggesting a coordinated operation to obtain fraudulent identities.

As the global scale of the scams grows, North Korean workers' methods are evolving as well. In one case, a recently fired IT worker threatened to 'disclose confidential data,' which could be a way to extort money.
In late 2024, a North Korean worker impersonated at least 12 individuals in Europe and the United States and actively sought employment with multiple organizations in Europe, particularly in the defense industrial base and government sectors. This individual displayed a pattern of behavior of submitting fabricated references and building rapport with recruiters.

According to Google, North Korean workers are involved in a variety of projects, including web development, bot development, content management system development, and blockchain technology, demonstrating technical expertise that ranges from traditional web development to advanced blockchain and AI applications.
Specifically, the projects included developing a Nodexa token hosting plan platform using Next.js, React, CosmosSDK, and Golang; building a job marketplace using Next.js, Tailwind CSS, MongoDB, and Node.js; developing Solana and Anchor/Rust smart contracts; and developing an AI web application leveraging Electron, Next.js, AI, and blockchain technology.
To secure these positions, North Korean workers falsely claimed nationalities from a variety of countries, including Japan, Italy, Malaysia, Singapore, Ukraine, the United States, and Vietnam.
Below is a list of countries where North Korean IT workers have been involved.

Google published similar research results in September 2024, but the scope and scale of the findings have continued to expand up to this point.
Investigation reveals that North Korean IT worker 'UNC5267' has infiltrated multiple 'Fortune 100' companies - GIGAZINE

Google cites BYOD (Bring Your Own Device) policies as one of the factors that make it easier for North Korean workers to infiltrate companies. Under BYOD, employees work on their own devices, so if a problem occurs it can be difficult to track activity and identify potential threats, unlike with a corporate laptop that can be monitored. Google pointed out that 'the lack of traditional security measures means that evidence that can be obtained from a corporate laptop cannot be used, increasing the risk that malicious activity will go undetected.'
Google said, 'North Korean workers infiltrate companies posing as legitimate remote workers to benefit the regime. Organizations that employ them are at risk of espionage, data theft, and disruption. In response to heightened threat awareness in the United States, North Korean workers have established a global network. Information discovered in various countries suggests that these networks are forming rapidly.'
Posted by log1p_kr