According to Google’s Threat Intelligence Group (GTIG), North Korea-linked tech operatives are broadening their infiltration of global blockchain companies, with a noticeable shift toward targeting firms in the United Kingdom and Europe.

The move follows heightened scrutiny from U.S. authorities, which has pushed many of these actors to seek employment beyond American borders.

These operatives disguise themselves as legitimate remote workers, securing employment within firms handling sensitive blockchain and artificial intelligence projects.

The Google report highlights these operatives’ evolving tactics, including the expansion of a sophisticated global network of fake identities, new extortion strategies, and exploitation of corporate bring-your-own-device (BYOD) policies to evade detection.

North Korea-Linked IT Fraudsters Build Global Network of Fake Identities, Says Google

Google’s Threat Intelligence Group (GTIG) has uncovered an extensive web of fraudulent identities used by North Korean IT workers to secure employment in companies across Europe, particularly in the UK.

Jamie Collier, a GTIG adviser, emphasized that these IT workers have evolved their operations in response to growing awareness in the U.S., pivoting toward European markets where scrutiny remains lower.

“In response to heightened awareness of the threat within the United States, they’ve established a global ecosystem of fraudulent personas to enhance operational agility,” Collier noted.

The report outlines how North Korean operatives pose as professionals from various countries, including Italy, Japan, Malaysia, Singapore, Ukraine, the U.S., and Vietnam.

List of countries impacted by DPRK IT workers. Source: Google

Many leverage fake credentials and references to gain access to companies handling cutting-edge blockchain and AI projects.

Some of the identified activities include developing blockchain-based platforms using technologies such as Solana, Anchor, Cosmos SDK, and Rust.

Another activity is the creation of a job marketplace utilizing the MERN stack and Solana.

Collier further warned that the presence of enablers within the UK suggests the formation of a broader support network, enabling these operatives to persist in their schemes.

Report Reveals Surge in Extortion Threats by Dismissed Workers Since October

The GTIG report highlights a troubling rise in extortion tactics by dismissed North Korean IT workers.

Since October, these workers have increasingly resorted to threatening former employers with data leaks, seeking to sell proprietary information to competitors or expose internal project details unless paid off.

“In these incidents, recently fired IT workers threatened to release their former employers’ sensitive data or to provide it to a competitor,” the report states.

This data often includes proprietary code and critical company intelligence.

This escalation coincides with intensified U.S. law enforcement actions, including indictments and disruptions targeting North Korean operatives.

The U.S. Department of Justice recently indicted two North Korean nationals for orchestrating a fraudulent IT employment scheme that involved more than 60 companies.

The U.S. Treasury has also sanctioned entities accused of operating as front companies for North Korean IT activities.

These operatives’ tactics have expanded beyond mere infiltration. Previously, when IT workers were dismissed, they would attempt to re-enter companies under different identities.

However, recent firings have resulted in outright extortion, indicating a shift toward more aggressive financial exploitation strategies.

In a related move, Google UK has recently introduced stricter policies on crypto-related advertisements to combat fraudulent activities.

@Google has announced a policy update requiring advertisements for digital asset exchanges and wallets in the UK to register with the FCA. #Google #Crypto https://t.co/MwvQojg8vE

— Cryptonews.com (@cryptonews) December 21, 2024

Starting January 15, 2025, all digital asset exchanges and wallet providers seeking to advertise in the UK must register with the Financial Conduct Authority (FCA).

The UK’s FCA has been actively clamping down on misleading crypto promotions.

These regulatory actions align with broader global trends, where authorities have mandated pre-approval for crypto-related advertisements.

With cyber threats intensifying and regulatory oversight increasing, UK-based crypto firms must remain vigilant to protect their businesses from both external and internal risks.

The post Google Warns UK Crypto Firms of North Korea-Linked Fraudsters appeared first on Cryptonews.
