在美国镇压之后

与朝鲜有联系的欺诈性科技工人正在将其渗透运营扩展到美国以外的区块链公司

After U.S. authorities cracked down on fraudulent tech workers with ties to North Korea, the workers are expanding their infiltration operations to blockchain firms outside of the U.S. and fibbing about their employment history, Google Threat Intelligence Group (GTIG) adviser Jamie Collier says in an April 2 report.

在美国当局对与朝鲜有联系的欺诈性科技工人破解后，工人将其渗透运营扩展到美国以外的区块链公司，并涉及他们的就业历史，Google Thraity Intelligence Group（GTIG）顾问Jamie Collier在4月2日的报告中说。

The North Korea-linked workers are capable of speaking English and have been applying for roles in traditional web development and advanced blockchain applications, such as projects involving Solana and Anchor smart contract development, according to Collier. Another project building a blockchain job marketplace and an artificial intelligence web application leveraging blockchain technologies was also found to have North Korean workers.

根据Collier的说法，与朝鲜有联系的工人能够说英语，并一直在传统的网络开发和高级区块链应用程序中申请角色，例如涉及Solana和Anchor Smart合同开发的项目。还发现另一个项目建立区块链就业市场和人工智能网络应用程序，利用区块链技术具有朝鲜工人。

“These individuals pose as legitimate remote workers to infiltrate companies and generate revenue for the regime,” Collier said.

科利尔说：“这些人可以作为合法的远程工人渗透到渗透公司并为政权带来收入。”

Along with the U.K., GTIG identified a notable focus on Europe, with one worker using at least 12 personas across Europe and others using resumes listing degrees from Belgrade University in Serbia and residences in Slovakia.

GTIG与英国一起确定了对欧洲的显着关注，其中一名工人在欧洲至少使用12个角色，而其他工人则使用塞尔维亚贝尔格莱德大学和斯洛伐克住宅的简历上市学位。

Separate GTIG investigations found personas seeking employment in Germany and Portugal, login credentials for user accounts of European job websites, instructions for navigating European job sites, and a broker specializing in false passports.

单独的GTIG调查发现，在德国和葡萄牙寻求就业的角色，欧洲工作网站用户帐户的登录证书，浏览欧洲工作网站的说明以及专门从事虚假护照的经纪人。

At the same time, since late October, the North Korean workers have increased the volume of their extortion attempts and gone after larger organizations, which GTIG speculates is the workers feeling pressure to maintain revenue streams amid a crackdown in the U.S.

同时，自10月下旬以来，朝鲜工人增加了勒索尝试的量

“In these incidents, recently fired IT workers threatened to release their former employers' sensitive data or to provide it to a competitor. This data included proprietary data and source code for internal projects,” Collier said.

“在这些事件中，最近解雇了IT工人威胁要发布其前雇主的敏感数据或将其提供给竞争对手。这些数据包括专有数据和内部项目的源代码，” Collier说。

In January, the U.S. Justice Department indicted two North Korean nationals for their involvement in a fraudulent IT work scheme that spanned April 2018 to August 2024 and affected at least 64 U.S. companies.

一月份，美国司法部因参与欺诈性IT工作计划而起诉两名朝鲜国民，该计划跨越了2018年4月至2024年8月，并影响了至少64家美国公司。

The U.S. Treasury Department’s Office of Foreign Assets Control also sanctioned companies it accused of being fronts for North Korea that generated revenue via remote IT work schemes.

美国财政部的外国资产控制办公室还批准了它被指控是通过远程IT工作计划获得收入的朝鲜方面的公司。

The new report from Google comes amid crypto founders reporting an increase in activity from North Korean hackers. At least three founders reported on March 13 that they foiled attempts to steal sensitive data through fake Zoom calls. Having audio issues on your Zoom call? That's not a VC, it's North Korean hackers. Fortunately, this founder realized what was going on.The call starts with a few "VCs" on the call. They send messages in the chat saying they can't hear your audio, or suggesting there's an…

Google的新报告是在加密创始人报告中报道了朝鲜黑客活动的增加的。 3月13日，至少有三位创始人报告说，他们挫败了通过假缩放电话窃取敏感数据的尝试。在缩放电话上有音频问题？那不是VC，而是朝鲜黑客。幸运的是，该创始人意识到发生了什么。该电话始于通话中的一些“ VCS”。他们在聊天中发送消息说他们听不到您的音频，或者暗示有一个…

— Haider Hejaz (KhashChain) (@HaiderHejaz) March 13, 2024

-Haider Hejaz（Khashchain）（@haiderhejaz）2024年3月13日

The identity theft scheme has been ongoing for at least a year, with blockchain investigator ZachXBT in August claiming to have uncovered a sophisticated network of North Korean developers earning $500,000 a month working for “established” crypto projects.

身份盗用计划已经进行了至少一年，区块链调查员Zachxbt在8月份声称已经发现了一个复杂的北朝鲜开发商网络，每月为“既定”加密项目工作，每月赚取500,000美元。