North Korean Hackers For Hire

Hackers operating under the direction of the North Korean government are working on a new form of subversion. By pretending to be legitimate remote workers to get jobs in Western companies, they aim to carry out financial fraud and IP theft to generate revenue for President Kim's regime.

According to the FBI, North Korean IT workers are extorting US companies which have hired them, by exploiting their access privileges to steal source code.

A new report from Google’s Threat Intelligence Group (GTIG) explores how these covert activities have grown significantly, extending beyond the US to the EU.

Freelance software developers are the target of an ongoing campaign that leverages job interview-themed lures to deliver cross-platform malware families known as BeaverTail. In this scheme, North Korean operatives create fake identities and pose as job seekers to secure remote work, usually in the tech and programming sectors. The money they make is sent back to the North Korean government to support its activities.

Subject matter expert Craig Watt, Threat Intelligence Consultant at Quorum Cyber, comments that "North Korean IT workers are likely tasked with obtaining remote IT jobs, with their salary then funnelled back to Pyongyang. This almost certainly carries the objective of countering UN sanctions with North Korea demonstrating no intention of negotiating away its strategic weapons programs, which is perceived as a guarantor of regime security and national pride."

Indeed, US government authorities have continued to highlight this criminal activity, with the Department of Justice recently indicting five individuals involved in the operation. These individuals were found to have fraudulently obtained work with at least 64 US firms.

Despite increasing awareness and legal actions, such as the indictment, this scheme continues to thrive. The GTIG report confirms that these North Korean IT workers are usually aiming at organisations in both the US and Europe. “The IT Worker actively sought employment with multiple organizations within Europe, particularly those within the defense industrial base and government sectors. This individual demonstrated a pattern of providing fabricated references, building a rapport with job recruiters, and using additional personas they controlled to vouch for their credibility...”

“Separately, additional investigations uncovered other IT worker personas seeking employment in Germany and Portugal, alongside login credentials for user accounts of European job websites and human capital management platforms,” says the report.

This expansion is a response to mounting challenges faced by covert North Korean operatives in getting jobs in the US. Along with the geographic expansion, North Korean IT workers are evolving their tactics. The report highlights an increase in extortion campaigns and a shift towards conducting operations within corporate virtualised infrastructures, which allows for greater anonymity and control.

Some workers have even been detected managing multiple personas across both Europe and the US, targeting sensitive sectors such as defence and government organisations. For companies that unknowingly hire these workers, the risks are significant, including potential espionage, data theft, and operational disruption. 

The Google report emphasises the growing complexity of these schemes, with facilitators located in multiple countries helping to circumvent identity verification and facilitate the movement of corporate assets across borders.

Google | Google | TechRadar | WeLiveSecurity | I-HLS | Hacker News | Cybersecoop | US Dept. of Justice | eSentire
