You are here

(TLP:CLEAR) The North Korean IT Worker Threat Continues to Expand

(TLP:CLEAR) The North Korean IT Worker Threat Continues to Expand

TLP:CLEAR
Created: Thursday, April 3, 2025 - 15:10
Categories:
Cybersecurity, Security Preparedness

Summary: Google Cloud and CyberScoop have recently shared additional information indicating an expanding effort in scope and scale from the threat of Democratic People’s Republic of Korea (DPRK) IT workers infiltrating businesses in the U.S. and abroad for over a year.

Analyst Note: WaterISAC is sharing this article for continued awareness into the threat to critical infrastructure by DPRK cyber operatives. According to open-source reporting, the scope and scale of the DPRK IT worker threat continues to expand across the globe with DPRK workers gaining full-time employment as engineers and specialists and, therefore, having the highest degree of access in enterprise systems. According to insider risk management firm DTEX, there are thousands of estimated critical infrastructure organizations that have been infiltrated by DPRK operatives. Additionally, organizations that hire DPRK IT workers are at risk of espionage, data theft, and disruption, according to Google Cloud.

Original Source: https://cyberscoop.com/north-korea-technical-workers-full-time-jobs/

Additional Reading:

Related WaterISAC PIRs: 6, 6.1