North Korean IT warriors increasingly target Europe, Google says

North Korean IT workers are increasingly posing as remote freelancers from other countries to infiltrate companies in Europe, putting organisations at risk of espionage, data theft and disruption. The workers, who refer to themselves as “warriors,” secure roles at companies to generate revenue for the Democratic People’s Republic of Korea, according to research by Google Threat Intelligence Group. Google researchers worked with partners to identify an increase in active operations outside of the US by these so-called IT warriors over the past six months.

Countries targeted include Germany, the UK and Portugal, according to a blog post by Jamie Collier, lead adviser for Europe at the Google unit. North Korean IT workers have historically focused on infiltrating companies in the US. While American jobs remain a major target, an increased awareness of the threat, along with sanctions and indictments from the Department of Justice, has pushed operations to other countries, particularly in Europe.

The workers falsely claim to be from countries including Italy, Japan, Malaysia, Singapore, Ukraine, the US and Vietnam to secure jobs. They’re recruited through platforms including Upwork Inc, Freelancer and Telegram and paid with cryptocurrency, or via digital payment platforms including Wise Plc and Payoneer Global Inc, according to the Google report. Upwork, Freelancer, Telegram, Wise and Payoneer did not immediately respond to requests for comment.

Since late October, there has been a rise in recently fired North Korean workers seeking to extort companies, threatening to release sensitive data to a competitor. Collier wrote that the increased pressure from the US may be driving these IT workers to “adopt more aggressive measures to maintain their revenue stream.” In late 2024, one such worker operating at least 12 personas sought employment with several organizations in the defense and government sectors, providing fake references.

In the UK, North Korean IT workers have been involved in projects spanning traditional web development to advanced blockchain and AI applications, according to the research. Google said the trend highlights the risks of bring-your-own-device policies, where companies allow workers to use their own laptops to access internal systems. These devices often lack corporate monitoring and security tools, making it harder to identify possible threats.

The FBI has issued multiple warnings about North Korea’s IT workers defrauding US businesses, and urged companies to improve their identity verification processes. In January, the US Treasury sanctioned two individuals and four entities for “generating illicit revenue” for the North Korean government, which it said withholds as much as 90% of wages earned by these IT workers. In December, a federal court in Missouri indicted 14 North Korean nationals for their alleged involvement in an IT employment scheme that generated US$88mil (RM391.91mil) over six years. In some cases, US employers unwittingly employed North Korean IT workers for years, paying them hundreds of thousands of dollars. The UK has also issued warnings about North Korean IT workers.

In September, the Office of Financial Sanctions Implementation advised companies to carry out more rigorous identity checks and video interviews, and to avoid payments in cryptocurrency. – Bloomberg