According to the Google threat intelligence group, IT workers are north -Korean pirates who hide themselves for applying for jobs in the UK. The success in the United States decreases due to increasing awareness about tactics, indictments and the right to verify the right to work and asks them to return to another place.
The attackers posed as legitimate distance workers, performing income, accessing sensitive company data or performing espionage operations through employment. The researchers observed that they were looking for entry information for business sites and human capital management platforms.
“Europe needs to wake up quickly,” he said, “Europe needs to wake up,” Google Threat Intelligence Group Europe, Threat Intelligence Advisor. “Although IT worker operations are in the plus signs, the US perceives as a problem. North Korea’s latest shifts are probably caused by the US operational barriers and show the ability of workers to adapt to changing conditions.”
TO SEE: England cyber risks ‘widely underestimated’ warns the country’s security chief
Computer pirates target larger organizations and new regions
Activity has increased since the end of October, According to GoogleKorea aims to aim larger organizations and new regions with attackers from the Democratic People’s Republic. Researchers are not only England because they discovered evidence of the increase in activities in Germany, Portugal, Serbia and other parts of Europe.
Google’s researchers produced a fake CV list from the University of Belgrade in Serbia and housing addresses in Slovakia. In addition, they found detailed instructions on how to safely employ employment in Serbia, including a broker that facilitates the creation of Serbian time zone for navigating and communication in European business sites and communication in Serbia.
More aggressive tactics are caused by helplessness
North Korean IT workers use more aggressive tactics such as acting in corporate virtualized infrastructure and releasing registered institutional data after being dismissed unless the ransom is paid.
While researchers attribute this to helplessness to protect income flows, law enforcement officers reduce their operations in the USA. While the workers avoided burning bridges with employers after the termination, hoping to be hired, they believed that they were now caused by the capture of their dismissal, and instead they asked them to threate the employers.
Collier, Techrepublic’e told, “Ten -year cyber attacks, North Korea’s rapid targeting and ransom software crypto currency theft and supply chain reconciliation comes before the last increase.” “This brutal innovation shows a long -term commitment to finance the regime through cyber operations.”
How do North Korean IT workers’ operations work?
The targeted industries include defense and government sectors with fabric workers, which provide fabrication references, to establish a relationship with business work and control their reliability to vouch for. They are hired via online platforms, including upwork, Telegram and Freelancer.
North Korean workers, using a combination of stolen personal details from real individuals and fabrication information, make it seem to come from various countries, including Italy, Japan, Malaysia, Singapore, Ukraine, the United States and Vietnam. It is even known that they use AI to create profile photos, create deep times for video interviews, and convert communication into target languages using AI writing tools.
In exchange for employment, North Korean offers a wide range of expertise in the development of web solutions such as business markets, boots, content management systems, blockchain and AI applications. The payment helps to hide its origin and target in the crypto currency and through cross -border transfer platforms such as Payoneer and Transferwise.
CT workers use certain “facilitators için to help them in their quest. These are individuals or organizations based on target regions that help them find jobs, skip verification controls and receive funds fraudulently. The Google team found a corporate laptop operating in London from New York and found the evidence of facilitators in both the US and the UK.
Bring your own device environments make life easier for workers
Many businesses with distributed labor force bring your own device policies that employees can use their personal devices for business. Since January, the Google team believes that North Korean IT workers have described these companies as the main targets to win business.
See: BYD and Personal Applications: A recipe for data violations
A company’s device will probably have security features such as efficiency monitoring and can be monitored to the user with the address and end point software inventories sent by the company. Therefore, the attacker’s employers will be more likely to avoid detection using their own laptops to access internal systems through virtual machines.
