North Korean IT workers ramp up infiltration of tech and crypto firms across Europe

North Korean IT workers (DPRC) accelerate their business infiltration efforts in technological and cryptographic companies, emphasizing Europe.

Since his last report In September 2024, Google Threat Intelligence Group A observed An increase in RPDC IT workers infiltrating technological and cryptographic companies in several countries across Europe. These people use false identities and create several false personalities to guarantee well -remunerated jobs in technological and blockchain companies, often using additional manufactured characters for references. In one case, only one person was found operating under at least 12 different characters across Europe and the United States, targeting organizations in the defense and government sectors.

According to the Last reportA certain number of IT workers from the PDR proved actively involved in blockchain projects in the United Kingdom, such as the development of intelligent Solana and Anchor / Rust contracts and the construction of a work market based on blockchain using the Mern and Solana pile.

In addition to the IT workers themselves, surveys have also discovered a network of facilitators supporting these workers in navigation on European employment websites and providing them with false identity documents.

The aggressive expansion of North Korea of ​​IT workers’ infiltration is largely motivated by the need for the regime to circumvent international sanctions that have limited its access to global financial systems. With the assembly of economic pressure, the country has turned to cyber operations as a major source of income, using IT workers to obtain well-remunerated jobs and overthrow the profits to the State. In 2022, the American Treasury Department estimated That these workers collectively generate hundreds of millions of dollars a year for North Korea. The Government of the RPRC retained Up to 90% of wages won by these workers, thus channeling substantial funds in its military projects.

Beyond the pipe directly from their wages to the regime, North Korean IT workers sometimes act as entry points for hacking groups sponsored by the State as Lazarus groupwhich was recently under the spotlight to orchestrate the hacking of $ 1.5 billion in Bybit. In particular, Lazarus stole More than $ 600 million in the Ronin Network (Infinity Axie) in 2022, IT workers playing a key role in access to internal systems. In August 2024, Sleuth on Zachxbt channel discovered More than 25 cryptographic projects infiltrated by RPDC developers.

While Lazarus hacking – after North Korea became The fifth largest holder of the Bitcoin government (BTC) – has been linked to the exploitation of vulnerabilities in its multi -sig portfolio GTIG reportThis increased awareness is one of the key factors in the expansion of North Korean infiltration efforts in Europe, in addition to the increase in public reports, the indictment of the Ministry of Justice and the challenges related to the verification of the law to work.