North Korean IT workers are intensifying their presence across European nations, marking a strategic shift from their previous focus on US-based operations. These workers, operating as part of a state-sponsored initiative, are using sophisticated deception tactics to infiltrate companies and generate funds for the Democratic People's Republic of Korea (DPRK).
According to a recent report by Google Threat Intelligence Group (GTIG), North Korean operatives are actively targeting companies in Germany, Portugal, and the United Kingdom. These IT specialists employ elaborate schemes to conceal their identities, often posing as citizens from various countries including Ukraine, Italy, Japan, Malaysia, Singapore, and Vietnam.
The workers secure positions through popular freelance platforms such as Upwork, Telegram, and Freelancer, specializing in diverse technical fields including artificial intelligence, blockchain technology, website development, and content management systems. To receive payment while avoiding detection, they utilize cryptocurrency, TransferWise, and Payoneer.
The operation has taken a concerning turn, with some workers engaging in extortion after their true identities are discovered. In cases where they are dismissed, these individuals have threatened to leak confidential information acquired during their employment.
GTIG's investigation revealed that these operatives have successfully penetrated European employment websites and HR platforms, particularly targeting positions in German and Portuguese companies. In late 2024, one operative specifically targeted European defense industry and government sector organizations, using falsified references to deceive recruiters.
The expansion of North Korea's IT worker program represents a growing challenge for European businesses and highlights the need for enhanced verification processes in remote hiring practices. Companies are now facing dual threats: the initial security breach from hiring these workers and potential extortion attempts following their discovery.