North Korean Hackers For Hire

Uploaded on 2025-04-14 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-North Korea, FREE TO VIEW

Hackers operating under the direction of the North Korean government are working on a new form of subversion. By pretending to be legitimate remote workers to get jobs in Western companies, they aim to carry out financial fraud and IP theft, to generate revenue for the  President Kim's regime. 

According to the  FBI, North Korean IT workers are extorting US companies which have hired them, by exploiting  access privileges to steal source code.

A new report from Google’s Threat Intelligence Group (GTIG), explores how these these covert activities have grown significantly, extending beyond the US to the EU.

Freelance software developers are the target of an ongoing campaign that leverages job interview-themed lures to deliver cross-platform malware families known as BeaverTail.  In this exploit, North Korean operatives create fake identities and pose as job seekers to secure remote work usually in the tech and programming sectors. The money they make is sent back to the North Korean government to support its activities

Subject matter expert, Craig WattThreat Intelligence Consultant at Quorum Cyber, comments that "North Korean IT workers are likely tasked with obtaining remote IT jobs, with their salary then funnelled back to Pyongyang. This almost certainly carries the objective of countering UN sanctions with the North Korea demonstrating no intention of negotiating away its strategic weapons programs, which is perceived as a guarantor of regime security and national pride"

Indeed, US government authorities have continued to highlight this criminal activity, with the Department of Justice recently indicting five individuals involved in the operation. These individuals were found to have fraudulently obtained work with at least 64 US firms.

Despite increasing awareness and legal actions, such as the indictment, this scheme continues to thrive. The GTIG report confirms that these North Korean IT workers are usually aiming at organisations in both the US and Europe. “The IT Worker actively sought employment with multiple organizations within Europe, particularly those within the defense industrial base and government sectors. This individual demonstrated a pattern of providing fabricated references, building a rapport with job recruiters, and using additional personas they controlled to vouch for their credibility...

“Separately, additional investigations uncovered other IT worker personas seeking employment in Germany and Portugal, alongside login credentials for user accounts of European job websites and human capital management platforms,” says the Report.

This expansion is a response to mounting challenges faced by covert North Korean operatives in getting jobs in the US. Along with the geographic expansion, N. Korean IT workers are evolving their tactics. The Report highlights an increase in extortion campaigns and a shift towards conducting operations within corporate virtualised infrastructures, which allows for greater anonymity and control. 

Some workers have even been detected managing multiple personas across both Europe and the US, targeting sensitive sectors such as defence and government organisations. For companies that unknowingly hire these workers, the risks are significant, including potential espionage, data theft, and operational disruption. 

The Google report emphasises the growing complexity of these schemes, with facilitators located in multiple countries helping to circumvent identity verification and facilitate the movement of corporate assets across borders.

Google   |   Google    |   TechRadar   |   WeLiveSecurity    |   I-HLS   |   Hacker News   |    Cybersecoop   | 

US Dept. of Justice   |   eSentire

Image: Ideogram

You Might Also Read:

US Nationals Indicted For Fraudulent Remote IT Work:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Do You Need Security That Starts With “Prove It”?
How Companies Can Manage Third-Party Vendor Risk »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Willis Towers Watson

Willis Towers Watson

Willis Towers Watson is a global risk management, insurance brokerage and advisory company. Services offered include Cyber Risks insurance.

Citicus

Citicus

Citicus provides world-class security, risk and compliance management software, plus supporting services.

FTAPI Software

FTAPI Software

FTAPI SecuTransfer is a software solution for end-to-end encrypted data exchange of large and sensitive data with customers and partners.

Cybersecurity & Infrastructure Security Agency (CISA) - USA

Cybersecurity & Infrastructure Security Agency (CISA) - USA

CISA leads the national effort to defend critical infrastructure against the threats of today and to secure against the evolving risks of tomorrow.

Redbelt Security

Redbelt Security

Redbelt is a cyber security consultancy. We integrate people, systems, services and products to transform how your information security is delivered.

Cyber Threat Alliance

Cyber Threat Alliance

CTA is working to improve cybersecurity of our digital ecosystem by enabling near real-time cyber threat information sharing among companies and organizations in the cybersecurity field.

African Cyber Security

African Cyber Security

African Cyber Security and it's partners, have the expertise and skills to provide holistic solutions for companies, institutions and government.

US Coast Guard Cyber Command

US Coast Guard Cyber Command

US Coast Guard Cyber Command’s focus is to ensure the security of our cyberspace, maintain superiority over our adversaries,and safeguard our Nation’s critical maritime infrastructure.

Spotit

Spotit

Spotit offers a wide-ranging portfolio of technologies and services, from consultancy, assessments and pentesting to the set up of completely new security and network infrastructures.

Tech Vedika

Tech Vedika

Tech Vedika has access to technical guidance, training and resources from AWS to successfully undertake solution architecture, application development, application migration, and managed services.

CybersCool Defcon

CybersCool Defcon

CybersCool is committed to educate and train, re-skill and up-skill the current workforce of various industries and businesses in the knowledge and know-how of cybersecurity.

Vancord

Vancord

Vancord is an information and security technology company that works in collaboration with clients to support their infrastructure and data security needs for today and tomorrow.

MiC Talent Solutions

MiC Talent Solutions

MiC Talent Solutions provides recruiting, direct hire, augmented staff, and professional service contracting solutions for organizations searching for minority cybersecurity talent.

Veracity Trust Network

Veracity Trust Network

Veracity Trust Network safeguards organisations from the threat of bot attacks on their public facing platforms.

Harmony Intelligence

Harmony Intelligence

Harmony builds cutting-edge defensive AI products that safeguard people and critical infrastructure around the world from AI-powered threats.

LEXORA.BY

LEXORA.BY

Lexora is a group of companies consisting of two companies: Lexora Cybersecurity & Lexora Development. We specialize in developing secure software, conducting cybersecurity audits and pentests.