N. Korean tech workers faked IDs for overseas defense jobs
North Korean cyberattacks involving the use of fake identities to secure employment at U.S. information technology (IT) companies—then stealing sensitive information—are now spreading beyond the United States to Europe and other regions, according to an analysis.The recent intensified crackdown on North Korean hackers in the U.S. has prompted them to adopt more sophisticated methods and broader disguises in their activities, the Google Threat Intelligence Group (GTIG) said in a report published Wednesday on the official Google Cloud blog.According to the report, North Korean IT workers posed as individuals of various nationalities—including Italian, Japanese, Malaysian, Singaporean, Ukrainian, American, and Vietnamese—using a mix of real and fictitious identities to secure employment. These developers, particularly those operating in Europe, were recruited through online platforms such as Upwork, Telegram, and Freelancer. Their wages were paid in cryptocurrency or via international money transfer services like Wise, to obscure the funds’ origin and destination.In one case, Google revealed that a North Korean IT developer used more than a dozen fake identities to operate across Europe and the U.S. late last year, actively seeking employment with defense and government organizations in Europe. Another North Korean IT developer was found operating in Germany and Portugal, logging into European job platforms and asset management systems. In the United Kingdom, North Korean IT workers were discovered working on projects ranging from website development and bot creation to building content management systems (CMS).남혜정기자 namduck2@donga.com