North Koreans pose as IT workers and infiltrate crypto startups in Europe

A report published on Tuesday by Google Threat Intelligence Group (GTIG) reveals that IT workers associated with the Democratic People’s Republic of Korea (DPRK) have infiltrated crypto projects in the European Union and the United Kingdom. These individuals operated as remote developers in Solana-based startups across the UK, Germany, Portugal, and Serbia.

This expansion beyond the United States marks an escalation in DPRK’s cyber operations. According to GTIG, these activities pose risks for targeted companies, including espionage, data theft, and potential extortion attacks.

GTIG warns that organizations working with remote developers must implement strict cybersecurity measures to prevent unauthorized access to data and digital infrastructure.