North Korean IT workers are increasingly infiltrating tech and crypto firms in Europe. They employ fake identities and have created complex networks to secure high-paying jobs.
Increase in Activity of North Korean IT Workers
According to the latest report by Google Threat Intelligence Group, since September 2024, there has been a surge in the activity of IT workers from North Korea infiltrating tech and crypto firms across Europe. They use fake identities and multiple personas to obtain high-paying roles, with some individuals operating under 12 different identities at a time, showcasing their adept manipulation skills.
Impact on European Blockchain Projects
North Korean IT workers are actively involved in blockchain projects in Europe, such as developing Solana and Anchor/Rust smart contracts and building blockchain-based job marketplaces using the MERN stack and Solana in the UK.
Reasons and Consequences of Activity
The aggressive expansion of North Korean IT workers' activity is primarily driven by the regime’s need to circumvent international sanctions that restrict monetary flow into the country. These workers help sustain cyber operations that significantly fund North Korea’s budget. Additionally, they serve as entry points for hacking groups like Lazarus, responsible for significant hacks including the $600 million theft from the Ronin Network in 2022. These developments raise awareness in the U.S. about the North Korean threat and contribute to the increased activities of DPRK in Europe.
The activity of North Korean IT workers targeting tech and crypto firms in Europe has become a crucial factor for cybersecurity threat awareness and highlights the need to enhance protection.
