2

North Korea-linked tech operatives are broadening their infiltration of global blockchain companies, with a noticeable shift toward targeting firms in the United Kingdom and Europe, according to Google’s Threat Intelligence Group (GTIG).

The move follows heightened scrutiny from U.S. authorities, which has pushed many of these actors to seek employment beyond American borders.

DISCOVER: Best Meme Coin ICOs to Invest in March 2025

North Korea-Linked IT Fraudsters Build Global Network of Fake Identities, Says Google

In a report released on April 2, GTIG adviser Jamie Collier said that fraudulent IT workers tied to North Korea are adapting to increased awareness in the U.S. by building a global network of fake identities.

“In response to heightened awareness of the threat within the United States, they’ve established a global ecosystem of fraudulent personas to enhance operational agility,” Collier noted.

Collier emphasized that the presence of enablers within the UK suggests the formation of a broader support network, enabling these operatives to persist in their schemes.

These workers have managed to infiltrate a wide range of projects, from traditional web development to advanced blockchain applications, including work on Solana and Anchor smart contracts.

One case involved North Korean developers working on a blockchain-based job marketplace and an AI-powered web application using blockchain technologies.

These individuals often pose as legitimate remote employees, enabling them to gain access to company systems and funnel revenue back to the North Korean regime.

“This places organizations that hire DPRK IT workers at risk of espionage, data theft, and disruption,” Collier warned.

Beyond the UK, GTIG has identified an expanded focus on Europe. Investigators uncovered at least one North Korean worker using 12 different identities across European countries.

Having audio issues on your Zoom call? That’s not a VC, it’s North Korean hackers.

Fortunately, this founder realized what was going on.

The call starts with a few “VCs” on the call. They send messages in the chat saying they can’t hear your audio, or suggesting there’s an… pic.twitter.com/ZnW8Mtof4F

— Nick Bax.eth (@bax1337) March 11, 2025

Several others submitted resumes referencing degrees from Belgrade University and residences in Slovakia. Additional findings included attempts to gain work in Germany and Portugal, stolen credentials for job platforms, and a broker offering fake passports.

EXPLORE: 10 Best AI Crypto Coins to Invest in 2025

Report Reveals Surge in Extortion Threats by Dismissed Workers Since October

The report also highlights a surge in extortion attempts since October. In several cases, recently dismissed workers threatened to leak sensitive data or sell it to competitors. Targeted data included proprietary source code and internal project files.

In the U.S., the crackdown on such activities has intensified. In January, the Justice Department indicted two North Korean nationals for orchestrating a fraudulent IT employment scheme involving over 60 companies.

Simultaneously, the U.S. Treasury sanctioned entities accused of operating as front companies for North Korean IT activities.

Meanwhile, crypto project founders continue to raise the alarm. On March 13, at least three reported foiling North Korean phishing attempts disguised as fake Zoom interviews.

In August, blockchain investigator ZachXBT revealed that North Korean developers were earning up to $500,000 monthly while embedded in legitimate crypto firms.

EXPLORE: 10 Coins with High Returns: Crypto Forecast 2025

The post North Korea-Linked Fraudsters Target UK Crypto Firms, Google Warns appeared first on 99Bitcoins.

Source link