
North Korean cyber attacks in Europe: Google sounds the alarm about "computer warriors"


Researchers from the Google Threat Intelligence Group (GTIG) report that a wave of cyberattacks orchestrated by North Korea is underway. Initially confined to the United States, these offensives are now spreading to the European continent. According to Google's threat detection and analysis division, a veritable army of "information technology warriors" is attacking more and more organizations across Europe.

The modus operandi of North Korean cybercriminals is particularly devious. They initially pose as independent IT workers looking for work. They will apply for remote jobs using impressive resumes, which are entirely fake.

Deepfakes and AI at the heart of the attacks

If they land an interview, they will do everything possible to disguise their faces and accents. These fake workers will use generative AI and deepfakes to fool recruiters. They claim to be located in countries such as Italy, Japan, Malaysia, Singapore, Ukraine, the United States, and Vietnam. As Jamie Collier, Senior Intelligence Advisor at GTIG, explains, cybercriminals use a "combination of real and fabricated personas". The researcher discovered "fabricated personas, with resumes listing degrees from the University of Belgrade in Serbia and residencies in Slovakia."

Once hired, the hackers will send almost their entire salary to the government of the Democratic People's Republic of Korea (DPRK). The money will swell the country's coffers and fund the military programs of Kim Jong Un, North Korea's supreme leader since 2011. The researchers note that many workers are paid through cryptocurrency, or services like TransferWise and Payoneer. Most often, the spies hold multiple jobs and use different schemes to make it appear they are doing their job. They subcontract or use computers with VPNs.

Above all, fake employees will take advantage of access to company systems to spread malware or seize confidential and sensitive data. This data is transmitted directly to North Korea's intelligence services. In some cases, hackers do not hesitate to blackmail their employers by threatening to publish the recovered data.

A threat that has become global

During its research, the Google Threat Intelligence Group discovered the presence of fake employees in companies in Germany, Portugal, and the United Kingdom. Hackers have infiltrated key technology sectors, such as blockchain and AI, including robotics. A spy was even discovered in European government entities.

Google experts noted "an increase in active operations in Europe". According to the researchers, North Korean spies have gradually turned to Europe following the US measures against them. Indeed, "increased threat awareness through public reports, US Department of Justice indictments, and right-to-work verification challenges" has complicated the spies' task. They have "encountered difficulties finding and maintaining employment in the country."

Aware of the hackers' tactics, the FBI issued a series of warnings about North Korean hackers last year. As a result, US companies have become increasingly difficult to dupe, which has led "to a global expansion of cyber workers' operations, with a notable focus on Europe." Nevertheless, hundreds of companies in the United States have been duped by North Korea in recent years. Earlier this year, the U.S. Department of Justice indicted two North Korean nationals suspected of orchestrating a massive fraud against 64 U.S. companies.

Source: Google
