North Korean IT warriors push to infiltrate European firms

By The Straits Times | Created at 2025-04-03 03:17:39 | Updated at 2025-04-03 22:37:42

North Korean information technology workers are increasingly posing as remote freelancers from other countries to infiltrate companies in Europe, putting organisations at risk of espionage, data theft and disruption. 

The workers, who refer to themselves as “warriors”, secure roles at companies to generate revenue for the Democratic People’s Republic of Korea, according to research by Google Threat Intelligence Group.

Google researchers worked with partners to identify an increase in active operations outside the US by these so-called IT warriors over the past six months.

Countries targeted include Germany, Britain and Portugal, according to a blog post by Dr Jamie Collier, lead adviser for Europe at the Google unit. 

North Korean IT workers have historically focused on infiltrating companies in the US. While American jobs remain a major target, an increased awareness of the threat, along with sanctions and indictments from the Department of Justice, has pushed operations to other countries, particularly in Europe.

The workers falsely claim to be from countries such as Italy, Japan, Malaysia, Singapore, Ukraine, the US and Vietnam to secure jobs.

They are recruited through platforms such as Upwork, Freelancer and Telegram, and paid with cryptocurrency, or via digital payment platforms like Wise and Payoneer Global, according to the Google report. 

A spokesperson for Wise said the company carries out numerous verification checks on customers and monitors transactions for misuse of its services. When it identifies potential financial crime, it investigates and, where necessary, deactivates accounts. 

Payoneer uses a range of checks to combat fraud and financial crime and works closely with regulators and law enforcement, a spokesperson said. 

Upwork said it was an industrywide problem and that the company takes “aggressive action to detect, block and remove bad actors”.

Freelancer and Telegram did not respond to requests for comment.

Since late October 2024, there has been a rise in recently fired North Korean workers seeking to extort companies, threatening to release sensitive data to a competitor.

Dr Collier wrote that the increased pressure from the US may be driving these IT workers to “adopt more aggressive measures to maintain their revenue stream”.

In late 2024, one such worker, operating at least 12 personas, sought employment with several organisations in the defence and government sectors, providing fake references.

In Britain, North Korean IT workers have been involved in projects spanning traditional web development to advanced blockchain and artificial intelligence applications, according to the research.

Google said the trend highlights the risks of bring-your-own-device policies, where companies allow workers to use their own laptops to access internal systems. These devices often lack corporate monitoring and security tools, making it harder to identify possible threats.

The Federal Bureau of Investigation has issued multiple warnings about North Korea’s IT workers defrauding US businesses and urged companies to improve their identity verification processes.

In January, the US Treasury sanctioned two individuals and four entities for “generating illicit revenue” for the North Korean government, which it said withholds as much as 90 per cent of wages earned by these IT workers. 

In December 2024, a federal court in Missouri indicted 14 North Korean nationals for their alleged involvement in an IT employment scheme that generated US$88 million (S$118 million) over six years.

In some cases, US employers unwittingly employed North Korean IT workers for years, paying them hundreds of thousands of dollars. 

Britain has also issued warnings about North Korean IT workers. In September, the Office of Financial Sanctions Implementation advised companies to carry out more rigorous identity checks and video interviews, and to avoid payments in cryptocurrency. BLOOMBERG
