
FBI warns of North Korean IT workers extorting employers


The threat that North Korean IT workers pose to organizations in the US and around the world has caught the attention of the FBI, which is working to raise awareness of the risks involved.

Beyond the realm of corporate espionage, North Korean IT workers have been found to exploit their access to company networks for various malicious activities. In recent months, the FBI has observed instances where these individuals engage in data extortion, exfiltrate sensitive data, facilitate cyber-criminal operations, and even conduct revenue-generating activities on behalf of the regime.

The concerns over North Korean hackers masquerading as IT freelancers have been highlighted by US authorities since 2022. However, the distinction between legitimate IT workers and those covertly aiding malicious cyber intrusions has remained unclear. While some overseas-based DPRK IT workers provide support to cyber actors based in North Korea, they may not directly engage in malicious activities themselves. Instead, they often facilitate the sale of stolen data, assist in money laundering activities, or share access to virtual infrastructure.

The FBI has issued warnings about North Korean IT workers copying company code repositories to their personal accounts, attempting to harvest company credentials, and holding stolen proprietary data hostage when exposed. In some cases, these workers have publicly released victim companies’ proprietary code as a parting shot.

To combat the threat posed by North Korean IT workers, organizations are advised to implement stringent identity-verification processes during the hiring and onboarding of remote workers. Educating staff on the tell-tale signs of the threat, such as typos in CVs and changes in contact information, is also crucial. The FBI suggests conducting in-person interviews and examining third-party staffing firms for robust hiring practices to prevent the employment of these individuals.

If a North Korean worker does gain access to an organization’s network, it is essential to have defenses in place to detect and mitigate potential malicious actions. Monitoring network logs, browser session activity, and network traffic for remote connections is recommended, along with applying the principle of least privilege on company networks.
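As an added illustration of the log monitoring recommended above (not code from the FBI advisory or from this article), the following Python example flags accounts that clone an unusual number of distinct repositories in a short window, the pattern that precedes the repository copying described earlier. The event schema, the `ASSIGNED` map, the account and repository names, and the thresholds are all assumptions constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical, simplified source-control audit schema.
SAMPLE_EVENTS = [
    {"ts": "2025-01-20T08:00:00", "user": "dev_c", "action": "clone", "repo": "acme/web"},
    {"ts": "2025-01-20T09:00:00", "user": "dev_a", "action": "clone", "repo": "acme/web"},
    {"ts": "2025-01-20T09:20:00", "user": "dev_a", "action": "push", "repo": "acme/web"},
    {"ts": "2025-01-20T10:00:00", "user": "contractor_b", "action": "clone", "repo": "acme/mobile"},
    {"ts": "2025-01-20T10:05:00", "user": "contractor_b", "action": "clone", "repo": "acme/web"},
    {"ts": "2025-01-20T10:09:00", "user": "contractor_b", "action": "clone", "repo": "acme/billing"},
    {"ts": "2025-01-20T10:12:00", "user": "contractor_b", "action": "clone", "repo": "acme/infra"},
    {"ts": "2025-01-20T10:15:00", "user": "contractor_b", "action": "clone", "repo": "acme/payments"},
    {"ts": "2025-01-20T10:30:00", "user": "dev_c", "action": "clone", "repo": "acme/billing"},
    {"ts": "2025-01-20T13:00:00", "user": "dev_c", "action": "clone", "repo": "acme/infra"},
    {"ts": "2025-01-20T15:30:00", "user": "dev_c", "action": "clone", "repo": "acme/payments"},
]

# Hypothetical least-privilege map: the repositories each account's role requires.
ASSIGNED = {"dev_a": {"acme/web"}, "contractor_b": {"acme/mobile"},
            "dev_c": {"acme/web", "acme/billing", "acme/infra", "acme/payments"}}

def find_bulk_clones(events, assigned, window=timedelta(minutes=30), max_repos=3):
    """Flag users who clone more than max_repos distinct repos within the window."""
    recent = defaultdict(deque)   # user -> (time, repo) pairs still inside the window
    flagged = defaultdict(set)    # user -> every repo seen during an alerting window
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["action"] != "clone":
            continue
        now = datetime.fromisoformat(ev["ts"])
        q = recent[ev["user"]]
        q.append((now, ev["repo"]))
        # Drop clones that have aged out of the sliding window.
        while now - q[0][0] > window:
            q.popleft()
        repos = {repo for _, repo in q}
        if len(repos) > max_repos:
            flagged[ev["user"]] |= repos
    # Report which of the cloned repos fall outside the account's assigned set.
    return {user: {"repos": sorted(repos),
                   "unassigned": sorted(repos - assigned.get(user, set()))}
            for user, repos in flagged.items()}

if __name__ == "__main__":
    for user, detail in find_bulk_clones(SAMPLE_EVENTS, ASSIGNED).items():
        print(user, detail)
```

The same repositories cloned over a full working day by `dev_c` do not alert, which is why the window matters more than the raw count.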

The FBI’s efforts to raise awareness about the North Korean IT worker threat underscore the need for vigilance and proactive measures to safeguard organizations from potential cyber threats. By staying informed and implementing robust security practices, businesses can protect themselves against the evolving tactics of malicious actors.
