North Korean (DPRK) IT workers are increasingly infiltrating European tech and crypto firms, using fake identities to land high-paying jobs and funnel earnings back to the regime.
North Korean IT Workers Ramp Up Infiltration of Tech and Crypto Firms Across Europe
Since its last report in September 2024, Google’s Threat Intelligence Group has observed a rise in DPRK-linked workers securing roles in blockchain and tech companies. These individuals create multiple fake personas, sometimes using fabricated references. One worker operated under 12 different identities across Europe and the U.S., targeting defense and government sectors.
In the UK, some DPRK IT workers were found developing Solana and Anchor/Rust smart contracts and building blockchain-based platforms. Investigations also uncovered a network of facilitators helping them bypass job verification processes.
With sanctions tightening, North Korea relies on cyber operations for revenue. The U.S. Treasury estimates these IT workers generate hundreds of millions annually, with up to 90% of wages seized to fund military projects.
Beyond financial gain, DPRK IT workers also enable state-sponsored hacks. The Lazarus Group, linked to the $1.5B Bybit hack, has exploited these infiltrations to breach internal systems. As scrutiny in the U.S. rises, North Korean infiltration is expanding across Europe.
YOU MIGHT ALSO LIKE: DOGE Price Drops as Elon Musk Shuts Down Government Adoption Rumors
