**Large Influx of North Korean “Soldiers” Infiltrating Western Companies Revealed**
The French newspaper Le Figaro reported that a large number of North Korean “soldiers” have been forging identities and resumes to pose as remote freelancers, infiltrating Western companies in order to steal money and transfer it back to North Korea to fund military and nuclear programs, as well as to steal sensitive data.
According to reports citing multiple information security companies, North Korea has dispatched at least tens of thousands of individuals to infiltrate companies in several Western countries.
A specialized cybersecurity firm, DTEX, has tracked nearly a thousand North Korean “scammers” employed by large enterprises and has publicly disclosed their personal email addresses as a warning. Among these exposed North Koreans, two individuals infiltrated the cryptocurrency industry using forged Japanese and Singaporean passports under the aliases “Naoki Murano” and “Jensen Collins.”
These two individuals were initially sent to Laos before moving on to Russia, using false identities to apply for developer positions at multiple companies. A few years ago, the cryptocurrency platform DeltaPrime hired “Naoki Murano” as a remote freelancer based on his resume; however, he used his access as a website administrator to steal $6 million from the company’s account.
Currently, North Korean scammers are primarily targeting cryptocurrency enterprises. Blockchain development expert Zaki Manian even assessed that over 50% of job applicants and resumes in the entire cryptocurrency industry appear to come from North Korea.
Manian, co-founder of the U.S. startup company Iqlusion, previously hired two programmers from Singapore in 2021 who, after leaving the company, were later found by the FBI to have transferred all their salaries to North Korea.
A cybersecurity expert noted that large companies often subcontract minor tasks to external firms, providing opportunities for North Korean thieves. “Their preferred industry is cryptocurrency, but money is no longer their sole motivation. They now seek intellectual property and sensitive information,” the expert added.
Research by the U.S. cybersecurity company Kela has uncovered at least one group of North Koreans posing as independent engineers and architects in the U.S., showcasing online 3D portfolios without proper government permits for their architectural designs.
Experts believe that France is among the countries of interest to North Korea, who seemingly have not yet posed significant threats through these remote North Korean workers. The U.S. holds more appeal for North Korea due to its greater profitability and less concentrated sensitive industries, making infiltration easier.
However, Mandiant, a cybersecurity firm, reported in April this year that North Korean activities in Europe have been on the rise, with an information engineer from North Korea operating in Europe and the U.S. under at least 12 different identities at the end of 2024, particularly targeting defense and government sectors.
The report mentioned that many of these remote North Korean workers are members of Unit 227, an intelligence division of North Korea referred to as “soldiers.” DTEX believes that others may be directly linked to the North Korean Ministry of Defense or the Military Industrial Department involved in missile development.
These individuals received training in Russian cybercrime forums, employ similar job-seeking techniques, including using artificial intelligence to create fake personas and photos, forging identification documents, setting up fake websites to gain recruiters’ trust, and even using real-time face-changing software during interviews.
Mandiant stated that in Europe, these individuals are hired through online platforms like Upwork, Telegram, Freelancer, using services like TransferWise and Payoneer to receive payments in cryptocurrency, indicating a deliberate attempt to conceal the source and destination of money.
According to Kela, once these individuals infiltrate a company, they clandestinely transfer their salaries to North Korea, misuse their permissions to install malware, steal data, or engage in extortion.
Reports indicate that the United Nations estimates that North Korea’s army of thousands of fraudsters generates annual revenues of $250-600 million for the country through salaries, data theft, and cryptocurrency theft, mainly used for military and nuclear programs. A UN report states that over 50% of funds for North Korea’s nuclear program come from online theft.
*(Translated from Central News Agency)*