Google's Threat Intelligence Group has reported that North Korean operatives posing as freelance IT professionals are increasingly targeting the United Kingdom and broader Europe as US-based employment scams become less effective, according to TechRepublic.
Tactics include using fabricated identities, falsified educational and residency credentials, and AI-generated profile photos or deepfake videos to secure remote jobs. These workers offer services in blockchain, AI development, and other technical fields, using stolen or artificial personal data from countries such as Italy, Ukraine, and Singapore. Payments are routed through cryptocurrency and cross-border platforms like Payoneer to obscure the financial trail.
The shift in geographic focus is attributed to stricter US verification processes and increased awareness, prompting these actors to exploit less-prepared European markets. Targeted countries include Germany, Serbia, Portugal, and Slovakia. Researchers warn that these infiltrators are embedding themselves in corporate virtual infrastructure, threatening data leaks for ransom after termination.
Facilitators in target countries assist in bypassing identity checks and job application procedures. Bring Your Own Device policies have also become an attack vector, allowing threat actors to access internal networks without company-managed hardware, reducing their traceability.