Illicit cyber activities conducted by North Korean “IT workers” are on the rise throughout Europe, particularly targeting blockchain initiatives, as reported on Wednesday.
Projects utilizing the Solana network—including applications and job platforms—are increasingly falling victim to these attacks. Operatives from the Democratic People’s Republic of Korea (DPRK) disguise themselves as legitimate remote employees in order to infiltrate organizations, seize control of essential systems, and steal sensitive information, which is then likely sold to generate funds for the regime.
This surge in threats across Europe represents a notable shift from a previous focus on the U.S., especially after DPRK-affiliated entities faced scrutiny due to indictments from the Department of Justice and tighter hiring practices in the U.S.
The findings indicate that one of these workers managed to maintain 12 fictitious identities across both the U.S. and Europe. They sought job opportunities by creating false references, building relationships with recruiters, and utilizing other personas to back their legitimacy.
These individuals are not lacking in technical skills either; they have engaged in various projects, including token hosting platforms utilizing Next.js, React, and CosmosSDK, and even developed an entire job marketplace based on Solana.
Moreover, many blockchain-related projects involved developing smart contracts with Anchor and Rust. One worker even created an AI web application using Electron, Next.js, and additional blockchain technologies.
A significant issue may be workplaces permitting employees to use their own devices.
“There is a belief that these IT workers have pinpointed BYOD (Bring Your Own Device) environments as particularly vulnerable to their operations, and by January 2025, they are actively targeting employers in these scenarios,” the report noted.
The global expansion of tactics, along with extortion strategies and the use of virtualized infrastructure, underlines the adaptable methods being employed by DPRK IT professionals.
Entities and hacking groups from North Korea represent some of the most formidable threat actors in the cryptocurrency realm, reportedly stealing an estimated $1.3 billion from projects in 2024 and, in February alone, carrying out a $1.5 billion hack on the crypto exchange Bybit.