Manual Thomas
Published on: January 29, 2025
The Federal Bureau of Investigation has issued a new warning about North Korean IT workers using unlawful system access to steal sensitive data and facilitate cyber-crime activities. The FBI’s public service announcement I-012325-PSA alerts organizations about the “victimization of US-based businesses” as attacks continue.
According to the FBI announcement, victims have experienced proprietary data and code held to ransom, the copying of corporate code repositories to attacker user-profiles and personal cloud accounts, and the attempted harvesting of company credentials and session cookies for further compromise opportunities.
“North Korean IT workers often have multiple logins into one account in a short period of time,” the FBI warned, “from various IP addresses, often associated with different countries.”
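The indicator in that quote can be checked against authentication logs. The sketch below is an added example, not code from the FBI announcement; the log format, account names, window length and thresholds are all assumptions, and the country field is assumed to come from geo-enrichment already done by the log pipeline.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: timestamp, account, source IP, country.
# IPs are from documentation ranges; nothing here is real telemetry.
SAMPLE_EVENTS = """\
2025-01-20T09:00:05Z dev-a 192.0.2.10 US
2025-01-20T09:07:41Z dev-a 198.51.100.7 CN
2025-01-20T09:12:19Z dev-a 203.0.113.44 RU
2025-01-20T09:30:00Z dev-b 192.0.2.55 US
2025-01-20T13:45:00Z dev-b 192.0.2.56 US
2025-01-20T08:00:00Z dev-c 192.0.2.80 US
2025-01-20T20:00:00Z dev-c 198.51.100.90 DE
"""

def parse_events(text):
    """Parse 'timestamp account ip country' lines, skipping malformed ones."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, account, ip, country = parts
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), account, ip, country))
    return sorted(events)  # the sliding window needs chronological order

def flag_accounts(events, window=timedelta(minutes=30), min_ips=2, min_countries=2):
    """Flag accounts whose logins inside one window span several IPs and countries.
    The window and thresholds are assumed values to tune per environment."""
    recent = defaultdict(deque)   # account -> logins still inside the window
    flagged = {}
    for when, account, ip, country in events:
        q = recent[account]
        q.append((when, ip, country))
        while when - q[0][0] > window:   # drop logins older than the window
            q.popleft()
        ips = {e[1] for e in q}
        countries = {e[2] for e in q}
        if len(ips) >= min_ips and len(countries) >= min_countries:
            best = flagged.get(account)
            # keep the window with the widest country spread for triage
            if best is None or len(countries) > len(best["countries"]):
                flagged[account] = {"window_start": q[0][0], "ips": ips, "countries": countries}
    return flagged

if __name__ == "__main__":
    for account, hit in flag_accounts(parse_events(SAMPLE_EVENTS)).items():
        print(account, hit["window_start"].isoformat(), sorted(hit["countries"]))
```

A hit is a lead for review rather than proof: VPN exit nodes and travel produce the same pattern, so correlate with device and onboarding records before acting.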
The agency emphasizes implementing the principle of least privilege through restricted administrative rights.
“Only allow designated administrator accounts to be used for administrative purposes,” the NSA and FBI advice document said.
Following Department of Justice indictments targeting the North Korean remote IT worker hacking campaign, Michael Barnhart, Mandiant principal analyst at Google Cloud, said that “these legal actions aim to dismantle the support infrastructure and impose substantial obstacles to their continued success.”
The FBI has advised organizations to disable local administrator accounts and limit privileges for installing remote desktop applications, while monitoring for unusual network traffic. Additionally, companies should implement strict identity-verification processes during hiring and onboarding.
“North Korean IT workers have been observed using artificial intelligence and face-swapping technology during video job interviews to obfuscate their true identities,” the FBI warned.
Mandiant recommends several key mitigation strategies, including mandatory video checks for remote workers, continuous education programs about current threats, and the use of U.S. banks for financial transactions to ensure stricter identity verification.
Meanwhile, the FBI emphasized that human resources staff, hiring managers, and development teams should explicitly focus “on changes in address or payment platforms during the onboarding process.”
This warning highlights the ongoing threat of state-sponsored cyber attacks targeting U.S. businesses, as North Korean IT workers continue to seek unauthorized access to corporate systems and sensitive data.