North Korean IT Workers Shift Focus to Europe, Increasing Extortion Attempts
North Korean IT workers have shifted their focus to European companies, targeting Germany, Portugal, and the UK. They've been employing deceptive tactics to gain employment, with a recent increase in extortion attempts by DPRK IT workers.
DPRK IT workers have been operating under multiple personas, providing fabricated references and building rapport with job recruiters. They've been targeting traditional web development roles as well as advanced blockchain and AI applications. Since late October 2024, these workers have been targeting larger organizations and increasing extortion attempts. Security experts warn that organizations, particularly in defense and government sectors, should deploy stronger verification checks on remote IT workers to avoid falling victim to this tactic.
DPRK IT workers face challenges in finding and maintaining employment in the USA due to growing awareness and US authorities' charges against suspected individuals. They use deceptive tactics to conceal their identities, falsely claiming various nationalities and using facilitators for fraudulent identification documents. These workers are recruited through online platforms like Upwork, Telegram, and Freelancer, with payments facilitated through cryptocurrency. North Korean threat actors have expanded their tactics to include extortion, stealing sensitive data and holding it 'hostage' until a ransom demand is met.
Organizations are urged to strengthen their verification processes for remote IT workers to prevent potential security breaches. Despite challenges in the USA, North Korean IT workers continue to pose a significant threat to European companies, particularly in sensitive sectors.
