North Korean Hackers Expand to EU, Target Blockchain Firms as Remote Devs

  • North Korean cyber operatives have expanded operations to target blockchain startups in the EU and UK, posing as remote developers.
  • Google Threat Intelligence Group reports that these workers operate under multiple fake identities to bypass security checks and generate revenue for the North Korean regime.
  • Recent activities include extortion threats from laid-off DPRK developers blackmailing former employers with threats to leak source code.

Google has revealed that North Korean cyber operatives are expanding their target range beyond U.S. companies to include blockchain startups across Europe. According to a report released Tuesday by Google’s Threat Intelligence Group (GTIG), IT workers linked to North Korea have embedded themselves in crypto projects throughout the UK, Germany, Portugal, and Serbia, posing serious security risks to these organizations.

- Advertisement -

The report indicates that these operatives have infiltrated various blockchain projects, including marketplaces, AI web applications, and the development of Solana and Anchor/Rust smart contracts. One instance involved building a Nodexa token Hosting platform, while other cases included creating blockchain job marketplaces and AI-enhanced blockchain tools.

“In response to heightened awareness of the threat within the United States, they’ve established a global ecosystem of fraudulent personas to enhance operational agility,” said GTIG adviser Jamie Collier in the report. Some workers reportedly operated under as many as 12 fake identities simultaneously, using falsified credentials from Belgrade University and fake residency documents from Slovakia.

These cyber operatives receive assistance from facilitators in the UK and U.S. who help them bypass identity verification processes and receive payments through services like TransferWise, Payoneer, and cryptocurrency platforms, effectively concealing funds flowing back to North Korea.

Rising Extortion Threats

Since October 2024, GTIG has observed an increase in extortion attempts as terminated North Korean developers have started blackmailing former employers by threatening to leak proprietary information and source code. This aggressive behavior coincides with “heightened United States law enforcement actions against DPRK IT workers,” according to Google’s report.

Last December, the U.S. Treasury’s Office of Foreign Assets Control (OFAC) sanctioned two Chinese nationals for laundering digital assets to benefit North Korea’s government. In January, the Justice Department indicted two North Korean nationals for operating a fraudulent IT work scheme that compromised at least 64 U.S. companies between 2018 and 2024.

- Advertisement -

Broader Cyber Threat Network

In March, Paradigm security researcher Samczsun warned that North Korea’s cyber strategy extends beyond the state-backed Lazarus Group, which has been connected to major cryptocurrency hacks. “DPRK Hackers are an ever-growing threat against our industry,” Samczsun noted, describing various subgroups specialized in social engineering and supply chain attacks.

This February, hackers associated with Lazarus stole $1.4 billion from crypto exchange Bybit, later routing the funds through coin mixers and decentralized exchanges.

- Advertisement -

GTIG warns that many crypto startups remain vulnerable due to their heavy reliance on remote talent and bring-your-own-device work environments, often lacking proper security monitoring tools. This vulnerability is precisely what North Korean operatives are exploiting through “the rapid formation of a global infrastructure and support network,” according to Collier.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -

Latest News

Bitcoin Soars Toward $112K Amid Dollar Fears, BlackRock Moves

Bitcoin prices have surged close to their all-time high, fueled by increasing investor concerns...

Altcoin ETFs Near Approval as Crypto Funds Eye Solana, XRP, DOGE

Spot Bitcoin and Ethereum ETFs in the U.S. have achieved high levels of success...

XRP Eyes 75% Rally as Whale Accumulation Grows, Faces $2.40 Hurdle

XRP is showing signs of a possible 75% breakout from a symmetrical triangle chart...

Meta’s Facebook AI Seeks Access to Private Camera Roll Photos

Facebook is requesting user consent to upload and process photos from mobile camera rolls...

XRP Spikes 3% as Ripple Drops Appeal Against SEC, CEO Confirms

XRP price increased over 3% following Ripple Labs' announcement to drop their cross-appeal against...

Must Read

This is How to Buy and Sell Bitcoin

Now more than ever, there are a variety of ways to enter and exit the crypto market. While this is good, the availability of...