North Korea's so-called IT army has expanded its operations beyond the United States and is now increasingly attacking companies across Europe. They hide their real names and pose as employees from other countries, including Ukraine.
North Korea's so-called IT army has expanded its operations beyond the United States and is now increasingly attacking companies across Europe. They hide their real names and pose as employees from other countries, including Ukraine.
North Korean IT professionals are connecting through laptop farms to fraudulently obtain remote freelance IT positions at companies around the world to generate revenue for the Democratic People's Republic of Korea (DPRK) regime.
Security researchers from the Google Threat Intelligence Group (GTIG) have found that North Korea's IT army is increasingly attacking companies in Germany, Portugal, and the UK after many of its members were indicted and sanctioned in the US.
“In attempting to obtain these positions, North Korean IT workers used deceptive tactics, posing as citizens of various countries, including Italy, Japan, Malaysia, Singapore, Ukraine, the United States, and Vietnam. They used a combination of real and fabricated identities,” said Jamie Collier, lead threat intelligence advisor at GTIG.
IT workers in Europe were recruited through various online platforms, including Upwork, Telegram, and Freelancer, and were paid for their services using cryptocurrency, TransferWise, and Payoneer, suggesting the use of methods that conceal the origin and destination of funds.
For example, GTIG investigators found user credentials on European job websites and HR platforms linked to North Korean IT workers seeking jobs at German and Portuguese companies. North Korean IT professionals have also been linked to a range of projects in the UK, ranging from artificial intelligence and blockchain technologies to website development, bots and content management systems, BleepingComputer reports .
Another North Korean IT worker targeted several European defense-industrial base and public sector organizations in late 2024, using fabricated credentials and identities to more easily deceive recruiters who were hiring them.
After being identified and released, some of these North Korean IT workers used insider information to extort money from their former employers, threatening to leak confidential information stolen from company systems.
Previously, dev.ua reported that North Korean hackers targeted freelance developers, including Ukrainian ones, under the guise of recruiters . They hid malicious software in GitHub projects, which they then sent to developers under the guise of a test.
According to the US Department of Justice, fake North Korean IT workers earned at least $88 million in 6 years from US companies that were going into arms sales.
Also last year, the US arrested a Ukrainian and an American who helped North Korean IT professionals get remote jobs at American companies . The scheme brought the DPRK almost $7 million.
