Technical Evolution of Cyber Operations Utilizing Web3, Blockchain, and AI, and Strategic Implications

Google Threat Intelligence Group (GTIG) warned that North Korean IT personnel are now targeting European companies beyond the US, disguised as legitimate remote workers involved in blockchain and AI advanced technology projects. April 2025 GTIG report confirmed expansion from US-centric to European defense contractors and public sector. By late 2024, a single North Korean IT worker used at least 12 fake identities to access multiple companies in Europe and the US; activity traces found in Germany, Portugal, and the UK. Technical sophistication: participation in Solana smart contracts, AI web app development, MERN stack blockchain marketplace construction, Next.js + Tailwind CSS development, Anchor/Rust smart contract work — indicating expert-level technical capability. Operational infrastructure: recruited via Upwork, Telegram, Freelancer; paid via cryptocurrency, Payoneer, TransferWise; internal guide documents included deepfake videos, AI-based writing tools, and forged passport broker contacts. Financial flow: companies paying legitimate-appearing contractor fees are indirectly funding North Korean state cyber operations — the foreign currency earned supports weapons development programs. BYOD vulnerability: personal devices used for work bypass corporate security monitoring; virtual infrastructure masks actual location. Detection and mitigation: enhanced identity verification (video interviews with unexpected questions, government ID cross-verification against multiple databases); device security requirements (corporate MDM for all project access); restriction on cryptocurrency-only payment contractors; regular access log auditing for abnormal data access patterns. The structural challenge: globalized remote work practices and the financial infrastructure enabling them are being systematically exploited — requiring security measures calibrated to distinguish legitimate global talent from disguised state actors.