FBI claims North Korean workers are hacking the US companies which hired them

News
By published

The FBI’s campaign against the employment of state-sponsored threat actors rumbles on

Hacker silhouette working on a laptop with North Korean flag on the background
(Image credit: Getty Images)
  • The FBI’s missive follows three previous ones in as many years
  • Statement is aimed at educating businesses and warding off domestic collaborators
  • Suggested remedies include employing endpoint protection on computer systems and checking applications for “typos and unusual nomenclature”

The FBI has claimed North Korean IT workers are extorting US companies which have hired them by leveraging their access to steal source code.

In a statement, the agency warned domestic and international firms employees turned threat actors, “facilitate cyber-criminal activities and conduct revenue-generating activity” using stolen data “on behalf of the regime.”

It recommended endpoint protection, and monitoring network logs to identify where data has been compromised across “easily accessible means” like shared internal drives and cloud storage drives.

FBI guidance on remote hiring processes

The FBI also recommended a litany of actions that all amount to taking care to know who you’re hiring, which sounds like good practice even if you’re not especially worried about unwittingly hiring a threat actor.

It recommended stringent identity verification processes throughout the recruitment process and cross-checking applicants’ details against that of others in the pile, and across different HR systems.

It also claimed these applicants are using AI tools to obfuscate their identities, but, if true, offered little advice to counter them beyond conducting recruitment processes in person; which isn’t always possible.

The agency also suggested recruiters ask applicants “soft questions” about their whereabouts and identity, but we’d suggest that this is good practice all round too.

North Korean IT workers have been a target of the FBI for some time, having released separate guidance in 2022, 2023, and 2024. In the latter, it expressed concern that US-based individuals were, knowingly or unknowingly, helping facilitate state-sponsored threat actors by setting up US-based infrastructure such as front addresses and businesses.

You may also like

Luke Hughes
Luke Hughes
Staff Writer

 Luke Hughes holds the role of Staff Writer at TechRadar Pro, producing news, features and deals content across topics ranging from computing to cloud services, cybersecurity, data privacy and business software.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Read more
Hacker silhouette working on a laptop with North Korean flag on the background
North Korean hackers are targeting LinkedIn jobseekers with new malware - here's how to stay safe
A digital representation of a lock
Looking for a new job? Watch out you don't fall for this new malware scam
A hand reaching out to touch a futuristic rendering of an AI processor.
North Korean fake job hackers are going the extra mile to make sure their scams seem legit
North Korean flag with a hooded hacker
North Korean hackers are posing as software development recruiters to target freelancers
Hacker silhouette working on a laptop with North Korean flag on the background
North Korea unveils new military unit targeting AI attacks
Red padlock open on electric circuits network dark red background
CrowdStrike warns of fake job offer scam that is actually just malware
Latest in Security
NHS
NHS IT supplier hit with major fine following ransomware attack
Data leak
Top home hardware firm data leak could see millions of customers affected
Representational image depecting cybersecurity protection
Third-party security issues could be the biggest threat facing your business
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Android Logo
Devious new Android malware uses a Microsoft tool to avoid being spotted
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Latest in News
Waze voice control
Waze is ditching Google Assistant for Gemini on iOS, and for good reasons
Apple Watch Ultra 2 displaying a step count and distance
Using a smartwatch could be a game-changer for people with diabetes, new research suggests
Focal Bathys MG
Focal just upgraded its audiophile noise-cancelling wireless headphones with even better sound, better noise cancelling, and a way higher price
A PC gamer celebrating, sat in a gaming chair in front of a monitor
Windows 11’s Game Bar gets a fresh coat of paint, plus a tweak to work better on handhelds – and I like the direction Microsoft’s heading in here
NHS
NHS IT supplier hit with major fine following ransomware attack
A business woman looking at AI on a transparent screen
Most businesses are now fully embracing AI - but aren't always protected against the risks
More about security
NHS

NHS IT supplier hit with major fine following ransomware attack
Data leak

Top home hardware firm data leak could see millions of customers affected
Apple Watch Ultra 2 displaying a step count and distance

Using a smartwatch could be a game-changer for people with diabetes, new research suggests
See more latest
Most Popular
Apple Watch Ultra 2 displaying a step count and distance
Using a smartwatch could be a game-changer for people with diabetes, new research suggests
Focal Bathys MG
Focal just upgraded its audiophile noise-cancelling wireless headphones with even better sound, better noise cancelling, and a way higher price
Waze voice control
Waze is ditching Google Assistant for Gemini on iOS, and for good reasons
Garmin Fenix 8 vs Enduro 3 comparison
Garmin adds premium Garmin Connect+ tier with AI features – but promises your free experience ‘is not going away’
Microsoft Copilot combines the Microsoft 365 apps, Microsoft Graph and Artificial Intelligence. Isolated 3D logo on a surface
Microsoft adds Copilot AI features to Windows 11's Photos app - and I actually don't hate them
Nintendo Direct live blog.
Nintendo Direct live build-up: no Switch 2, but these are our predictions for what we could see
NHS
NHS IT supplier hit with major fine following ransomware attack
A PC gamer celebrating, sat in a gaming chair in front of a monitor
Windows 11’s Game Bar gets a fresh coat of paint, plus a tweak to work better on handhelds – and I like the direction Microsoft’s heading in here
inZOI.
inZOI early access won't feature Denuvo DRM after all, 'we are committed to making inZOI a highly moddable game'
The Samsung Galaxy S25 Edge on display the January 22, 2025 Galaxy Unpacked event.
All three rumored Samsung Galaxy S25 Edge colors shown off in ‘official’ images