North Korean hackers intensify special operations in Europe, hiding behind Ukrainians, among others
3 April 12:56
North Korean IT specialists, masquerading as ordinary remote workers, are covering more and more countries with their operations, with a special emphasis on Europe. In order to get a job, they pose as citizens of Ukraine, as well as Japan, Italy, the United States, Vietnam, Singapore, and other countries. This is stated in a review prepared by the Google Threat Intelligence Group (GTIG), "Komersant Ukrainian" reports.
The report notes that the United States remains the main target of the DPRK’s special operations. But as the US has strengthened its cyber defense and begun to scrutinize those seeking remote work, the North Koreans have refocused on other regions, especially Europe.
Where North Korean IT activity was detected
Google’s Threat Intelligence Group identified DPRK IT professionals looking for remote work in Germany, Portugal, and the UK. The project portfolios of these specialists included web development, bot development, content management system development, and blockchain technology, indicating a wide range of technical knowledge.
And one of the North Korean specialists attracted the attention of the GTIG because he created more than 12 fake identities to find work in Europe. He provided fabricated references and used straw men to establish relationships with employment professionals.
How DPRK IT workers tried to get jobs
In their efforts to find employment in Europe, the North Koreans used deceptive tactics by posing as citizens of various countries, including Italy, Japan, Malaysia, Singapore, Ukraine, the United States, and Vietnam.
They used various online platforms, including Upwork, Telegram, and Freelancer, to find employment in Europe. The payment for services was supposed to be made through the use of cryptocurrencies, TransferWise and Payoneer services, i.e., using methods that hide the origin and destination of funds.
What is the threat of such North Korean IT activity?
Google’s Threat Intelligence Group, based on data from multiple sources, states that the number of extortion attempts has increased since the end of October 2024. Moreover, large companies are becoming the target of attacks.
IT ransomware threatened to disclose confidential data of their former employers or provide it to competitors.
Moreover, the increase in the number of extortion cases coincided with the intensification of US actions against IT specialists from the DPRK, which may indicate that the latter are reorienting to other countries.
As noted in the Google Threat Intelligence Group report, global expansion, extortion tactics, and the use of virtualized infrastructure all underscore the adaptive strategies used by DPRK IT professionals.
What is the global goal of North Korean IT operations?
Hackers from North Korea stole more than three billion dollars in cryptocurrency from 2017 to 2024. North Korea used the money to finance its nuclear and missile programs. This is stated in Microsoft’s fifth annual cybersecurity report.
Microsoft has exposed several new North Korean hacker groups that targeted cryptocurrency organizations. These are such hacker groups as Jade Sleet, Sapphire Sleet, and Citrine Sleet. The list also includes the Moonstone Sleet group, which developed a special version of the ransomware and used it against organizations in the aerospace and defense sectors to gather intelligence and gain financial benefits.
Microsoft believes that the intensification of hackers and the creation of new groups indicates that the DPRK is expanding its involvement in ransomware activities. The country is increasing the use of cybercriminals’ tools to strengthen its financial resources and promote its own strategic interests.
In the 2024 Cybersecurity Report, Microsoft also states that Russia, China, Iran, and North Korea have changed their hacking methods over the past year and are now increasingly relying on hacker groups for cyber espionage and disinformation. At the same time, financial cybercrime is on the rise.
