Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime, Governance & Risk Management
US Sanctions Are Forcing North Korea to Shift Targets, Using Workers With Fake IDs
North Korean hackers posing as IT workers used to focus on stealing cryptocurrency and infiltrating U.S. tech companies to access sensitive data, but U.S. sanctions and increasing awareness of these job scammers have forced Pyongyang to shift its focus to Europe, said Luke McNamara, deputy chief analyst at Mandiant.
“These operations essentially are gaining employment, gaining a paycheck in virtually any organization, any sector,” McNamara said. “What we’re now seeing in Europe in part probably represents some successful efforts at disruption in the United States, but it also means that this is now a much more global problem that we are seeing.”
The attacks against tech companies in Europe have been executed by “facilitators” located in the United Kingdom or the U.S., Mandiant found in its latest report released last week.
The primary motive of these “expanded” global campaigns remains the same: financial gain for the North Korean government through crypto and corporate espionage campaigns, McNamara said.
In this video with Information Security Media Group, McNamara also discussed:
- Threats posed by North Korean IT worker hacks;
- Motives of the hackers and the leading groups behind them;
- The use of front companies and other anonymization tactics to fool employers;
- How organizations can spot fake North Korean hackers on their networks.
McNamara has more than a decade of experience in cyberthreat intelligence. His expertise includes tracking emerging threats and trends related to nation-state threat activities tied to Russia, China, North Korea and Iran. Prior to Google Mandiant, McNamara worked at FireEye and iSIGHT, where he focused on strategic and cyberespionage analysis.