The FBI has issued a warning about North Korean IT workers infiltrating U.S. and global organizations to steal sensitive data and extort employers.
These individuals, often posing as legitimate IT professionals, exploit remote hiring processes to gain access to source code, company credentials, and sensitive networks.
According to the FBI, North Korean IT workers have been copying company code repositories like GitHub to their personal accounts and cloud storage, presenting a significant theft risk. They also use stolen session cookies and credentials to access networks from unauthorized devices, furthering their cybercriminal activities.
To counter these threats, the FBI recommends companies adopt stricter security measures, such as enforcing the principle of least privilege, disabling local administrator accounts, and monitoring for unusual network activity. Employers are also advised to enhance their hiring processes by verifying candidate identities, checking resumes for inconsistencies, and conducting in-person onboarding whenever possible. Additionally, the FBI warns that North Korean workers are leveraging AI and face-swapping technology to conceal their identities during interviews.
This warning comes as North Korean IT operatives, often referred to as “IT warriors,” continue to impersonate U.S.-based workers and exploit virtual desktop infrastructure (VDI) systems. Beyond data theft, these individuals have been known to extort employers by threatening to leak stolen information.
In a joint statement, the U.S., South Korea, and Japan revealed that North Korean hackers have stolen over $659 million in cryptocurrency in 2024 alone, further highlighting the nation’s cybercriminal activities. The U.S. State Department has even announced multi-million-dollar rewards for information that could disrupt these schemes.
