CyberSecurity news
FlagThis
Fiona Jackson@Security | TechRepublic
//
North Korean IT workers are expanding their remote work scams into Europe following increased crackdowns in the United States. Google security researchers have identified a shift in focus towards European companies, with these North Korean operatives attempting to secure remote IT positions using fabricated identities and credentials. The workers are reportedly targeting organizations in Germany, Portugal, and the United Kingdom, and may use AI-generated profile photos to enhance their credibility during video interviews.
This expansion poses a growing cybersecurity threat to European businesses. The IT workers often claim to be based in other countries, connecting via laptop farms to fraudulently secure remote freelance IT positions. Once inside a company, they may engage in cyber espionage and data theft to generate revenue for the North Korean government, including its weapons development programs. Over the last 30 days, nearly 24,000 unique IP addresses have attempted to access European portals, potentially as a precursor to targeted exploitation, highlighting the scale and coordinated nature of this operation.
ImgSrc: assets.techrepu
References :
This expansion poses a growing cybersecurity threat to European businesses. The IT workers often claim to be based in other countries, connecting via laptop farms to fraudulently secure remote freelance IT positions. Once inside a company, they may engage in cyber espionage and data theft to generate revenue for the North Korean government, including its weapons development programs. Over the last 30 days, nearly 24,000 unique IP addresses have attempted to access European portals, potentially as a precursor to targeted exploitation, highlighting the scale and coordinated nature of this operation.
ImgSrc: assets.techrepu
Share:
References :
- Risky Business Media: Risky Bulletin: North Korean IT worker scams expand to Europe
- PCMag UK security: As US Cracks Down, North Koreans Target Europe With Remote Work Scams
- The DefendOps Diaries: Explore the cybersecurity threat posed by North Korean IT workers infiltrating European companies using advanced tactics.
- www.bleepingcomputer.com: ​North Korea's IT workers have expanded operations beyond the United States and are now increasingly targeting organizations across Europe.
- The Register - Security: North Korea’s fake tech workers now targeting European employers
- www.it-daily.net: Fake IT employee from North Korea had 12 identities
- : North Korea's Fake IT Worker Scheme Sets Sights on Europe
- www.itpro.com: Google warns that fake North Korean IT workers have expanded to Europe
- Blog: North Korean IT operatives, often termed "IT warriors," have broadened their scope beyond the United States, now targeting companies across Europe, notably in Germany, Portugal, and the United Kingdom.
- www.helpnetsecurity.com: North Korean IT workers are expanding their efforts beyond the US, and are seeking to fraudulently gain employment with organizations around the world, but most especially in Europe.
- Security Risk Advisors: DPRK IT Workers Expand Global Operations with Focus on European Targets
- Risky Business Media: Srsly Risky Biz: North Korean IT workers head to Europe
- Security | TechRepublic: North Korean Hackers Disguised as IT Workers Targeting UK, European Companies, Google Finds
- SecureWorld News: The Google Threat Intelligence team (GTIG) has published new research outlining how IT workers from the Democratic People's Republic of Korea (DPRK) are expanding both the scope and scale of their operations, targeting companies across the globe with more advanced deception and cyber extortion tactics. The report offers a stark reminder that nation-state threats don't always originate with malware—they can also come disguised as job applicants.
Classification:
- HashTags: #Cybersecurity #NorthKorea #RemoteWorkScam
- Company: Google
- Target: European Companies
- Attacker: North Korean
- Product: Gmail
- Feature: recruitment
- Type: Hack
- Severity: Medium