FBI claims North Korean workers are hacking the US companies which hired them

News
By
published

The FBI’s campaign against the employment of state-sponsored threat actors rumbles on

Hacker silhouette working on a laptop with North Korean flag on the background
(Image credit: Getty Images)
  • The FBI’s missive follows three previous ones in as many years
  • Statement is aimed at educating businesses and warding off domestic collaborators
  • Suggested remedies include employing endpoint protection on computer systems and checking applications for “typos and unusual nomenclature”

The FBI has claimed North Korean IT workers are extorting US companies which have hired them by leveraging their access to steal source code.

In a statement, the agency warned domestic and international firms employees turned threat actors, “facilitate cyber-criminal activities and conduct revenue-generating activity” using stolen data “on behalf of the regime.”

It recommended endpoint protection, and monitoring network logs to identify where data has been compromised across “easily accessible means” like shared internal drives and cloud storage drives.

FBI guidance on remote hiring processes

The FBI also recommended a litany of actions that all amount to taking care to know who you’re hiring, which sounds like good practice even if you’re not especially worried about unwittingly hiring a threat actor.

It recommended stringent identity verification processes throughout the recruitment process and cross-checking applicants’ details against that of others in the pile, and across different HR systems.

It also claimed these applicants are using AI tools to obfuscate their identities, but, if true, offered little advice to counter them beyond conducting recruitment processes in person; which isn’t always possible.

The agency also suggested recruiters ask applicants “soft questions” about their whereabouts and identity, but we’d suggest that this is good practice all round too.

North Korean IT workers have been a target of the FBI for some time, having released separate guidance in 2022, 2023, and 2024. In the latter, it expressed concern that US-based individuals were, knowingly or unknowingly, helping facilitate state-sponsored threat actors by setting up US-based infrastructure such as front addresses and businesses.

You may also like

Luke Hughes
Luke Hughes
Staff Writer

 Luke Hughes holds the role of Staff Writer at TechRadar Pro, producing news, features and deals content across topics ranging from computing to cloud services, cybersecurity, data privacy and business software.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.