North Korea’s IT Operatives Are Exploiting Remote Work Globally

The global rise of North Korean IT worker infiltration poses a serious cybersecurity risk—using fake identities, remote access, and extortion to compromise organizations.

The scope, scale, and evolving tactics of North Korean IT workers infiltrating western organizations continues to grow. Europe is targeted, and extortion is added.

The US remains a key target for North Korea (DPRK); but the threat is understood, and the right-to-work verification challenge is making the scheme and scam more difficult. This is probably a key factor to increasing operations in other countries. Google Threat Intelligence Group (GTIG) now calls the operation a global threat.

In late 2024, one worker operated at least 12 personas across Europe and the US. These personas would provide job references for each other. Other IT worker personas were discovered in Germany and Portugal.

In the UK, DPRK IT workers have been involved in projects including web, bot, and CMS ...