在美國鎮壓之後

與朝鮮有聯繫的欺詐性科技工人正在將其滲透運營擴展到美國以外的區塊鏈公司

After U.S. authorities cracked down on fraudulent tech workers with ties to North Korea, the workers are expanding their infiltration operations to blockchain firms outside of the U.S. and fibbing about their employment history, Google Threat Intelligence Group (GTIG) adviser Jamie Collier says in an April 2 report.

在美國當局對與朝鮮有聯繫的欺詐性科技工人破解後，工人將其滲透運營擴展到美國以外的區塊鏈公司，並涉及他們的就業歷史，Google Thraity Intelligence Group（GTIG）顧問Jamie Collier在4月2日的報告中說。

The North Korea-linked workers are capable of speaking English and have been applying for roles in traditional web development and advanced blockchain applications, such as projects involving Solana and Anchor smart contract development, according to Collier. Another project building a blockchain job marketplace and an artificial intelligence web application leveraging blockchain technologies was also found to have North Korean workers.

根據Collier的說法，與朝鮮有聯繫的工人能夠說英語，並一直在傳統的網絡開發和高級區塊鏈應用程序中申請角色，例如涉及Solana和Anchor Smart合同開發的項目。還發現另一個項目建立區塊鏈就業市場和人工智能網絡應用程序，利用區塊鏈技術具有朝鮮工人。

“These individuals pose as legitimate remote workers to infiltrate companies and generate revenue for the regime,” Collier said.

科利爾說：“這些人可以作為合法的遠程工人滲透到滲透公司並為政權帶來收入。”

Along with the U.K., GTIG identified a notable focus on Europe, with one worker using at least 12 personas across Europe and others using resumes listing degrees from Belgrade University in Serbia and residences in Slovakia.

GTIG與英國一起確定了對歐洲的顯著關注，其中一名工人在歐洲至少使用12個角色，而其他工人則使用塞爾維亞貝爾格萊德大學和斯洛伐克住宅的簡歷上市學位。

Separate GTIG investigations found personas seeking employment in Germany and Portugal, login credentials for user accounts of European job websites, instructions for navigating European job sites, and a broker specializing in false passports.

單獨的GTIG調查發現，在德國和葡萄牙尋求就業的角色，歐洲工作網站用戶帳戶的登錄證書，瀏覽歐洲工作網站的說明以及專門從事虛假護照的經紀人。

At the same time, since late October, the North Korean workers have increased the volume of their extortion attempts and gone after larger organizations, which GTIG speculates is the workers feeling pressure to maintain revenue streams amid a crackdown in the U.S.

同時，自10月下旬以來，朝鮮工人增加了勒索嘗試的量

“In these incidents, recently fired IT workers threatened to release their former employers' sensitive data or to provide it to a competitor. This data included proprietary data and source code for internal projects,” Collier said.

“在這些事件中，最近解雇了IT工人威脅要發布其前雇主的敏感數據或將其提供給競爭對手。這些數據包括專有數據和內部項目的源代碼，” Collier說。

In January, the U.S. Justice Department indicted two North Korean nationals for their involvement in a fraudulent IT work scheme that spanned April 2018 to August 2024 and affected at least 64 U.S. companies.

一月份，美國司法部因參與欺詐性IT工作計劃而起訴兩名朝鮮國民，該計劃跨越了2018年4月至2024年8月，並影響了至少64家美國公司。

The U.S. Treasury Department’s Office of Foreign Assets Control also sanctioned companies it accused of being fronts for North Korea that generated revenue via remote IT work schemes.

美國財政部的外國資產控制辦公室還批准了它被指控是通過遠程IT工作計劃獲得收入的朝鮮方面的公司。

The new report from Google comes amid crypto founders reporting an increase in activity from North Korean hackers. At least three founders reported on March 13 that they foiled attempts to steal sensitive data through fake Zoom calls. Having audio issues on your Zoom call? That's not a VC, it's North Korean hackers. Fortunately, this founder realized what was going on.The call starts with a few "VCs" on the call. They send messages in the chat saying they can't hear your audio, or suggesting there's an…

Google的新報告是在加密創始人報告中報導了朝鮮黑客活動的增加的。 3月13日，至少有三位創始人報告說，他們挫敗了通過假縮放電話竊取敏感數據的嘗試。在縮放電話上有音頻問題？那不是VC，而是朝鮮黑客。幸運的是，該創始人意識到發生了什麼。該電話始於通話中的一些“ VCS”。他們在聊天中發送消息說他們聽不到您的音頻，或者暗示有一個…

— Haider Hejaz (KhashChain) (@HaiderHejaz) March 13, 2024

-Haider Hejaz（Khashchain）（@haiderhejaz）2024年3月13日

The identity theft scheme has been ongoing for at least a year, with blockchain investigator ZachXBT in August claiming to have uncovered a sophisticated network of North Korean developers earning $500,000 a month working for “established” crypto projects.

身份盜用計劃已經進行了至少一年，區塊鏈調查員Zachxbt在8月份聲稱已經發現了一個複雜的北朝鮮開發商網絡，每月為“既定”加密項目工作，每月賺取500,000美元。