Key Takeaways
Software giant Google has warned that North Korean hacking groups are expanding the scale and scope of their operations to target more firms after increased scrutiny in the U.S.
The Google Threat Intelligence report highlighted that the North Korean hacking group is now actively targeting European firms.
North Korean hackers are actively targeting European firms in hopes of infiltrating them and then stealing their assets through ransomware or hacking.
According to a study published on April 2 by Jamie Collier, a Google Threat Intelligence Group (GTIG) adviser, fraudulent IT professionals associated with North Korea are creating a global network of false identities in response to growing awareness in the U.S.
“In response to heightened awareness of the threat within the United States, they’ve established a global ecosystem of fraudulent personas to enhance operational agility,” Collier noted.
The Google report noted that IT workers in Europe were recruited through various online platforms such as Upwork, Telegram, and Freelancer. To avoid detection, payment for their services was facilitated through cryptocurrency.
Google and unidentified partners have discovered “login credentials for user accounts of European job websites and human capital management platforms” and North Korean IT professionals “looking for employment in Germany and Portugal.”
The report added that North Korea-linked workers are infiltrating projects linked to blockchain-related projects involving Solana and Anchor/Rust innovative contract development and a blockchain job marketplace built using the MERN stack and Solana.
Reports about North Korean hackers infiltrating crypto firms to install malware on their systems and steal cryptocurrency first appeared in 2023.
At the time, these hackers were mostly focused on American companies. However, law enforcement authorities issued public notices about them, helping firms avoid such threat actors.
Investigators have found “fabricated personas, including resumes listing degrees from Belgrade University in Serbia and residences in Slovakia, as well as instructions for navigating European job sites.”
One document provided specific guidance on seeking employment in Serbia, including using a Serbian time zone during communications.
The documents also revealed information on acquiring false passports to provide credentials that allow them to establish a right to work or open bank accounts.