- The FBI’s missive follows three previous ones in as many years
- Statement is aimed at educating businesses and warding off domestic collaborators
- Suggested remedies include employing endpoint protection on computer systems and checking applications for “typos and unusual nomenclature”
The FBI has claimed North Korean IT workers are extorting US companies which have hired them by leveraging their access to steal source code.
In a statement, the agency warned domestic and international firms employees turned threat actors, “facilitate cyber-criminal activities and conduct revenue-generating activity” using stolen data “on behalf of the regime.”
It recommended endpoint protection, and monitoring network logs to identify where data has been compromised across “easily accessible means” like shared internal drives and cloud storage drives.
FBI guidance on remote hiring processes
The FBI also recommended a litany of actions that all amount to taking care to know who you’re hiring, which sounds like good practice even if you’re not especially worried about unwittingly hiring a threat actor.
It recommended stringent identity verification processes throughout the recruitment process and cross-checking applicants’ details against that of others in the pile, and across different HR systems.
It also claimed these applicants are using AI tools to obfuscate their identities, but, if true, offered little advice to counter them beyond conducting recruitment processes in person; which isn’t always possible.
The agency also suggested recruiters ask applicants “soft questions” about their whereabouts and identity, but we’d suggest that this is good practice all round too.
North Korean IT workers have been a target of the FBI for some time, having released separate guidance in 2022, 2023, and 2024. In the latter, it expressed concern that US-based individuals were, knowingly or unknowingly, helping facilitate state-sponsored threat actors by setting up US-based infrastructure such as front addresses and businesses.