Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.
Read more
North Korean agents posing as legitimate remote IT workers are increasingly infiltrating companies in Europe, cybersecurity researchers warn in a new report.
While the US remained the main target of these North Korean spies, referred to as "IT warriors”, their recent activity across multiple countries establishes them as a global threat, the Google Threat Intelligence Group (GTIG) warned in its report.
The group from the Democratic People's Republic of Korea (DPRK) is also using evolving tactics like intensified extortion to place their agents inside organisations, researchers said.
This increases the risk of corporate espionage, data theft, and disruption “with a notable focus on Europe”, they warn.
Laptop screen shows webpage of IT Army of Ukraine group of volunteer hackers
Laptop screen shows webpage of IT Army of Ukraine group of volunteer hackers (AFP via Getty Images)
Citing an example, the report notes the case of a DPRK IT worker “who operated at least 12 personas across Europe and the US”.
This “IT warrior” reportedly sought employment with multiple organisations in Europe, particularly those in the defence and government sectors.
The agent fabricated references, built rapport with job recruiters, and used additional personas to vouch for their credibility, researchers cautioned.
Similar IT worker “personas” were also found seeking employment in Germany and Portugal, they noted.
“GTIG has also observed a diverse portfolio of projects in the UK undertaken by DPRK IT workers,” researchers say.
“These projects included web development, bot development, content management system (CMS) development, and blockchain technology, indicating a broad range of technical expertise,” GTIG noted.
The workers reportedly use deceptive tactics, such as falsely claiming nationalities from countries like Italy, Japan, Malaysia, Singapore, Ukraine, the US, and Vietnam.
These workers were recruited by several companies via online platforms, including Upwork, Telegram, and Freelancer, the report noted.
North Korea's Lazarus Group Ousts Tesla in Bitcoin Holdings
In several European countries, facilitators are also helping the North Korean “IT workers” get jobs, defeat identity verification, and receive funds fraudulently, researchers say, hinting at a complex logistical chain with “heightened interest in Europe”.
Cybersecurity experts also suspect these “IT warriors” may be under increased pressure, driving them to adopt more aggressive measures to maintain their revenue stream from extorting larger organisations.
Some companies that operate a “bring your own device (BYOD)” policy may be particularly vulnerable, they say.
“Unlike corporate laptops that can be monitored, personal devices operating under a BYOD policy may lack traditional security and logging tools, making it difficult to track activities and identify potential threats,” researchers say.
“GTIG believes that IT workers have identified BYOD environments as potentially ripe for their schemes,” they say.
With the latest discovery of facilitators in the UK, experts warn of a rapid formation of a global infrastructure and support network aiding North Korean IT worker spies.