Google Warns of Increased North Korean Cyber Attacks on Solana Projects

North Korean IT workers are intensifying cyber activities targeting blockchain projects in Europe, according to a report from Google Cloud. Key points include:

  • Increased attacks on projects within the Solana network, including applications and job boards.
  • DPRK operatives impersonate remote workers to infiltrate companies and steal sensitive data, which is likely sold to generate revenue for the regime.
  • Shift in focus from the U.S. to Europe due to heightened scrutiny and DOJ indictments in the United States.
  • A single worker managed 12 fake identities across the U.S. and Europe to secure employment.
  • Workers exhibit strong coding skills, engaging in projects involving token hosting platforms and developing a Solana-based job marketplace.
  • Development work includes smart contracts built with Anchor and Rust, as well as AI web applications.
  • BYOD (Bring Your Own Device) environments are highlighted as vulnerable targets for these operations.
  • DPRK entities are significant threat actors, responsible for an estimated $1.3 billion in crypto theft in 2024 and a $1.5 billion hack on Bybit in February.