Fraudulent technological workers with ties with North Korea are expanding their infiltration operations to Blockchain companies outside the United States after a greater scrutiny of the authorities, and some have reached the cryptographic projects of the United Kingdom, says Google.
Google Threat Intelligence Group advisor (GTIG), Jamie Collier, said in a April 2 report that although the United States remains a key objective, the greatest awareness and challenges of verification of the right to work have forced the workers of IT of North Korea to find roles in non -American companies.
“In response to a greater awareness of the threat within the United States, they have established a global ecosystem of fraudulent characters to improve operational agility,” said Collier.
“Together with the discovery of facilitators in the United Kingdom, this suggests the rapid formation of a global infrastructure and support network that trains its continuous operations,” he added.
Google’s threat intelligence group says that North Korea’s technological workers expanded their reach in the midst of US repression. Fountain: Google
Workers linked to North Korea infiltrate projects that cover traditional web development and advanced blockchain applications, as projects that involve Solana and anchor the development of intelligent contracts, according to Collier.
It was also discovered that another project that builds a blockchain labor market and an artificial intelligence web application take advantage of blockchain blockchain technologies had North Korean workers.
“These people represent as legitimate remote workers to infiltrate companies and generate income for the regime,” said Collier.
“This places organizations that hire the RPDC [Democratic People’s Republic of Korea] IT workers at risk of espionage, data theft and interruption. “
North Korea looking for technological works in Europe
Together with the United Kingdom, Collier says that the GTIG identified a remarkable approach in Europe, with a worker who uses at least 12 people in Europe and others who use listed curriculum of the University of Belgrade in Serbia and residences in Slovakia.
Separate research from GTIG found people who were looking for employment in Germany and Portugal, login credentials for users of European work websites, instructions to navigate in European work sites and a specialized corridor in false passports.
At the same time, since the end of October, North Korean workers have increased the volume of extortion attempts and have gone after larger organizations, that the GTIG speculates that workers feel pressure to maintain income flows in the midst of repression in the United States.
“In these incidents, IT workers recently threatened to release the confidential data of their former employers or provide them with a competitor. These data included patented data and source code for internal projects,” said Collier.
Related: Cryptographic attacks of North Korea in sophistication, actors – paradigm
In January, the United States Department of Justice accused two North Korean citizens for their participation in a fraudulent IT work scheme that involves at least 64 US companies from April 2018 to August 2024.
The foreign asset control office of the United States Treasury Department also sanctioned the companies that accused of being fronts of North Korea that generated income through remote IT work schemes.
The founders of Crypto have also informed an increase in the activity of the computer pirates of North Korea, and at least three founders reported on March 13 that they frustrated attempts to steal confidential data through false calls from Zoom.
Do you have audio problems in your zoom call? That is not a VC, they are North Korean computer pirates.
Fortunately, this founder realized what was happening.
The call begins with some “VC” in the call. They send messages in the chat saying that they cannot listen to their audio, or suggesting that there is a … pic.twitter.com/znw8mtof4f
– Nick Bax.eth (@bax1337) March 11, 2025
In August, Blockchain Zachxbt researcher claimed to have discovered a sophisticated network of North Korean developers who earn $ 500,000 per month working for “established” cryptographic projects.
Magazine: Lázarus Group’s favorite exploit revealed: Crypto Hacks analysis
