North Korean IT operatives infiltrate UK blockchain projects

North Korean tech workers posing as freelance IT professionals have been found infiltrating blockchain companies in the UK, according to a report by Google’s Threat Intelligence Group (GTIG).

This development follows heightened scrutiny in the U.S., prompting these operatives to expand their operations globally.

Jamie Collier, an adviser at GTIG, revealed that North Korea-linked workers use fraudulent personas to secure remote positions in blockchain firms.

These workers are involved in both traditional web development and advanced blockchain applications, including projects on Solana and Anchor smart contract development.

“They’ve established a global ecosystem of fraudulent personas to enhance operational agility,” Collier stated.

The operatives reportedly generate revenue for the North Korean regime while posing risks to the companies they infiltrate.

Organisations hiring these workers face threats of espionage, data theft, and operational disruption.

Recent investigations uncovered workers using multiple fake identities across Europe, including resumes listing degrees from Serbian universities and addresses in Slovakia.

Some even employed brokers specialising in false passports to evade detection.

The shift toward targeting non-U.S. firms comes amid increased pressure on North Korean IT workers to maintain revenue streams following crackdowns by U.S. authorities.

Collier noted cases where fired workers threatened to release sensitive company data or sell it to competitors, highlighting the growing extortion attempts.

This infiltration strategy is part of a broader effort by North Korea to evade international sanctions and fund its controversial military programs.

The National Cyber Security Centre (NCSC) in the UK has warned businesses about the risks associated with hiring DPRK-linked workers.

Rafe Pilling, Director of Threat Intelligence at Secureworks, described these activities as a “serious escalation,” with operatives now leveraging insider access for extortion.

Globally, North Korea’s cyber program has been linked to significant cryptocurrency thefts, including $659 million stolen across multiple heists.

The U.S., South Korea, and Japan have issued advisories urging blockchain firms and freelance platforms to strengthen hiring processes and cybersecurity measures.