North Korean operatives have increasingly targeted European firms by posing as legitimate remote IT workers. According to Google’s Threat Intelligence Group, individuals linked to the DPRK have been active in countries such as Germany, Portugal, Serbia, and Slovakia. They have used fake CVs, forged identity documents, and AI-generated profile photos to successfully pass job interviews.
The motives behind these operations include:
- Securing IT jobs to divert salaries directly into North Korea’s state finances.
- Planting malware on corporate systems to exfiltrate sensitive data and extort money.
- Working simultaneously for multiple companies to collect several salaries, often while performing poorly or failing to deliver results altogether.
Details: https://cloud.google.com/blog/topics/threat-intelligence/dprk-it-workers-expanding-scope-scale/?hl=en