North Korea’s Expanding Global IT Threat: Australia and NZ in the Crosshairs

North Korea’s cyber operations continue to evolve, with Google’s Threat Intelligence Group (GTIG) reporting a sharp increase in IT worker activity on a global scale. While previous investigations largely centred on U.S. operations, new findings confirm that the problem has now expanded to Europe, with Australia, New Zealand, and other regions worldwide also in the firing line.

Targeting Defence and Government Sectors

In late 2024, GTIG identified a North Korean IT worker operating under at least 12 fabricated identities across Europe and the U.S. This individual successfully sought employment within defence industrial bases and European government entities, a concerning expansion of Pyongyang’s cyber-infiltration strategy.

Falsified Identities and Sophisticated Deception

DPRK IT operatives have demonstrated a remarkable ability to falsify credentials and fabricate backgrounds. These workers frequently:

  • Forge references and employment histories.
  • Engage recruiters with pre-prepared personas to vouch for their credibility.
  • Assume false nationalities, including Italian, Japanese, Malaysian, Singaporean, Ukrainian, American, and Vietnamese.

This intricate web of deception enables North Korean operatives to secure sensitive roles within key industries, posing severe security risks.

Escalating Extortion Efforts

Since October 2024, North Korean IT workers have increasingly resorted to extortion. Recently dismissed workers have threatened to leak proprietary data and source code to competitors. Initially targeting smaller businesses, these cyber actors are now shifting focus to larger enterprises and making higher ransom demands.

An Evolving Threat to APAC

Dr Jamie Collier, Lead Threat Intelligence Advisor for Europe at GTIG, warns that North Korea’s cyber tactics have been evolving for over a decade, spanning SWIFT financial fraud, ransomware attacks, cryptocurrency theft, and supply chain compromises. “Given DPRK IT workers’ operational success, North Korea will likely broaden its global reach. With APAC already impacted by these operations, this problem is set to escalate. These campaigns thrive on ignorance and will likely enjoy particular success in areas of APAC with less awareness of the threat.”

The expansion of North Korea’s IT worker operations into Australia and New Zealand highlights an urgent need for heightened vigilance and policy intervention. As these threats grow in sophistication and scale, security professionals must prioritise awareness and detection strategies to counteract this persistent cyber menace.