CyberSecurityBoard
Sponsor Register Login

North Korea IT worker scheme expands outside US tech

North Korea has expanded its IT worker recruitment scheme beyond the US tech sector, targeting a broader range of industries globally. This scheme involves recruiting skilled IT professionals to support North Korean cyber operations, which are often linked to state-sponsored hacking activities. The expansion indicates a strategic move by North Korea to bolster its cyber capabilities by leveraging international talent pools. This development raises concerns about the increasing sophistication and reach of North Korean cyber threats, as well as the potential for these recruited workers to facilitate cyber espionage, intellectual property theft, and other malicious activities. Organizations worldwide should be vigilant and enhance their cybersecurity measures to defend against potential threats stemming from this expanded recruitment effort. The article highlights the ongoing challenges in combating state-sponsored cybercrime and the importance of international cooperation in cybersecurity defense.

This Cyber News was published on therecord.media. Publication date: Tue, 30 Sep 2025 20:35:45 +0000


Cyber News related to North Korea IT worker scheme expands outside US tech

US hits senior North Korean officials with sanctions, $3 million bounties | The Record from Recorded Future News - U.S. law enforcement action centered on Korea Sobaeksu Trading Company — a North Korean company allegedly used as a front for the country’s Munitions Industry Department, which oversees the DPRK’s nuclear program and is involved in the ...
7 months ago Therecord.media
North Korean IT worker army expands operations in Europe - GTIG's report follows multiple warnings issued by the FBI regarding North Korea's massive army of IT workers sent abroad to generate revenue, who have tricked hundreds of companies in the United States and worldwide into hiring them over the years. ...
11 months ago Bleepingcomputer.com
Woman Accused of Helping North Korean IT Workers Infiltrate Hundreds of US Firms - The US government has announced charges, seizures, arrests and rewards as part of an effort to disrupt a scheme in which North Korean IT workers infiltrated hundreds of companies and earned millions of dollars for North Korea. According to the ...
1 year ago Securityweek.com
Experts from the United Nations Report North Korean Hackers Have Taken a Large Amount of Digital Assets - Last year, North Korean hackers working for the government stole a record-breaking amount of virtual assets estimated to be worth between $630 million and more than $1 billion, according to a new report from U.N. experts. The panel of experts said ...
3 years ago Securityweek.com Andariel Kimsuky Lazarus Group Rocke
Reserachers Uncovered North Korean Nationals Remote IT Worker Fraud Scheme - In a significant cybersecurity investigation, researchers have revealed an elaborate fraud scheme orchestrated by North Korean nationals who used stolen identities to secure remote IT positions at US-based companies and nonprofits. The operation ...
9 months ago Cybersecuritynews.com
North Korea's state hackers stole $3 billion in crypto since 2017 - North Korean-backed state hackers have stolen an estimated $3 billion in a long string of hacks targeting the cryptocurrency industry over the last six years since January 2017. Kimsuky, Lazarus Group, Andariel, and other North Korean hacking groups ...
2 years ago Bleepingcomputer.com Andariel Kimsuky Lazarus Group
North Korea IT worker scheme expands outside US tech - North Korea has expanded its IT worker recruitment scheme beyond the US tech sector, targeting a broader range of industries globally. This scheme involves recruiting skilled IT professionals to support North Korean cyber operations, which are often ...
5 months ago Therecord.media North Korean cyber operations
North Korean IT worker scam is now a threat to all companies, cybersecurity experts say | The Record from Recorded Future News - Since disruptions began last year and law enforcement has publicly warned companies of the practice, DTEX’s Barnhart and others said they have seen some workers try to extort companies or hand off their access to more sophisticated North Korean ...
10 months ago Therecord.media
Japan, US, South Korea forum exposes North Korea IT worker scheme - A recent forum involving Japan, the United States, and South Korea has shed light on a covert North Korean scheme involving IT workers. This revelation highlights the ongoing cyber espionage and cybercrime activities attributed to North Korea, where ...
6 months ago Therecord.media North Korea
US, Japan and South Korea Unite to Counter North Korean Cyber Activiti - The US, Japan and South Korea have established a high-level consultative body designed to counter North Korea's cyber activities. A key purpose of the new group is to prevent cyber-attacks and crypto heists used to fund North Korea's weapons ...
2 years ago Infosecurity-magazine.com
Woman gets 8 years for aiding North Koreans infiltrate 300 US firms - According to court documents, Chapman hosted the North Korean IT workers' computers in her own home beteen October 2020 and October 2023, creating a so-called "laptop farm" which was used to make it appear as though the devices were located in the ...
7 months ago Bleepingcomputer.com
US sanctions North Korean firm, nationals behind IT worker schemes - The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned three North Korean nationals and a company for supporting fraudulent IT worker schemes that generated illicit revenue for the Democratic People’s ...
7 months ago Bleepingcomputer.com
North Korean Hackers Behind Major Cyberattacks, Confirmed by FBI - The FBI released a statement confirming that North Korea was behind a series of major cyberattacks in the past year. It is the first time that the FBI has attributed such activity to North Korea. The attacks included intrusions into networks, ...
3 years ago Thehackernews.com
State-Sponsored APT Groups Use Ransomware Tactics for Intelligence Gathering and Sabotage - State-sponsored threat groups are increasingly using ransomware-like tactics to hide more insidious activities. Russian APT group Sandworm has used ransomware programs to destroy data multiple times in the past six months, while North Korea's Lazarus ...
3 years ago Csoonline.com Andariel APT3 APT37 APT38 Kimsuky Lazarus Group BianLian
Seoul Police Reveals: North Korean Hackers Stole South Korean Anti-Aircraft Data - South Korea: Seoul police have charged Andariel, a North Korea-based hacker group for stealing critical defense secrets from South Korea's defense companies. Allegedly, the laundering ransomware is redirected to North Korea. One of the 1.2 terabytes ...
2 years ago Cysecurity.news Andariel Lazarus Group
North Korea APT Slapped With Cyber Sanctions After Satellite Launch - The US Department of the Treasury Office of Foreign Assets Control has announced it has sanctioned cyberespionage group Kimsuky for collecting intelligence on behalf of the Democratic People's Republic of Korea. The OFAC said the sanctions are ...
2 years ago Darkreading.com Kimsuky
Microsoft shuts down 3,000 email accounts created by North Korean IT workers | The Record from Recorded Future News - To illustrate the scale of the financial benefits North Korea is achieving through the scheme, prominent cryptocurrency investigator Zachary Wolk, also known as ZachXBT, said a recent investigation found more than $16.5 million in cryptocurrency ...
8 months ago Therecord.media
US govt sanctions North Korea's Kimsuky hacking group - The Treasury Department's Office of Foreign Assets Control has sanctioned the North Korean-backed Kimsuky hacking group for stealing intelligence in support of the country's strategic goals. OFAC has also sanctioned eight North Korean agents for ...
2 years ago Bleepingcomputer.com Andariel Kimsuky
North Korea's Kimsuky Attacks Rivals' Trusted Platforms - North Korea-linked threat groups are increasingly using living-off-the-land (LotL) techniques and trusted services to evade detection, with a recent Kimsuky campaign showcasing the use of PowerShell scripts and storing data in Dropbox folders, along ...
1 year ago Darkreading.com Andariel Kimsuky
Treasury sanctions North Korean over IT worker malware scheme - “Song facilitated an information technology (IT) worker scheme in which individuals, often DPRK nationals working from countries such as China and Russia, were recruited and provided with falsified identities and nationalities to obtain ...
7 months ago Bleepingcomputer.com Lazarus Group Andariel
North Korean Hackers Utilizing Credential Stuffing to Launch Cyberattacks - In an alarming new report, researchers found that North Korean-linked hackers have been using stolen passwords during cyberattacks to gain access to various government, military and financial networks. According to security experts, the creative ...
3 years ago Thehackernews.com
North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence - North Korea-linked APT group Kimsuky has been linked to a cyberattack on Diehl Defence, a defense firm specializing in the production of advanced military systems. “Researchers from Mandiant, a Google subsidiary, uncovered and analyzed a ...
1 year ago Securityaffairs.com Kimsuky
North Korea Launches New Military Based Research Center To Strengthen Hacking Capabilities - The center is designed to research and develop international cyber hacking technologies, representing a substantial shift in the country’s approach to information warfare. The establishment of Research Center 227 comes amid increasing ...
11 months ago Cybersecuritynews.com
UK, ROK sound alarm over North Korean supply chain attacks The Register - The national cybersecurity organizations of the UK and the Republic of Korea have issued a joint advisory warning of an increased volume and sophistication of North Korean software supply chain attacks. "In an increasingly digital and interconnected ...
2 years ago Theregister.com Lazarus Group
CVE-2024-27894 - The Pulsar Functions Worker includes a capability that permits authenticated users to create functions where the function's implementation is referenced by a URL. The supported URL schemes include "file", "http", and ...
1 year ago

Latest Cyber News


    Cyber Trends (last 7 days)


    Trending Cyber News (last 7 days)