FBI: North Korean IT Workers Steal Source Code To Extort Employers (bleepingcomputer.com) 23
The FBI warned this week that North Korean IT workers are abusing their access to steal source code and extort U.S. companies that have been tricked into hiring them. From a report: The security service alerted public and private sector organizations in the United States and worldwide that North Korea's IT army will facilitate cyber-criminal activities and demand ransoms not to leak online exfiltrated sensitive data stolen from their employers' networks. "North Korean IT workers have copied company code repositories, such as GitHub, to their own user profiles and personal cloud accounts. While not uncommon among software developers, this activity represents a large-scale risk of theft of company code," the FBI said.
"North Korean IT workers could attempt to harvest sensitive company credentials and session cookies to initiate work sessions from non-company devices and for further compromise opportunities." To mitigate these risks, the FBI advised companies to apply the principle of least privilege by disabling local administrator accounts and limiting permissions for remote desktop applications. Organizations should also monitor for unusual network traffic, especially remote connections since North Korean IT personnel often log into the same account from various IP addresses over a short period of time.
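The monitoring advice in the summary (one account logging in from several IP addresses within a short period) can be expressed as a sliding-window check over authentication logs. The following is an added example, not code from the FBI advisory or the linked report; the log format, the 30-minute window and the threshold of two IPs are assumptions chosen for illustration, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample remote-login events: "timestamp account source_ip".
# Addresses are from documentation ranges (RFC 5737); none of this is real data.
SAMPLE_LOG = """\
2025-01-20T09:00:05Z dev-contractor7 198.51.100.10
2025-01-20T09:02:41Z alice 192.0.2.15
2025-01-20T09:07:30Z dev-contractor7 203.0.113.44
2025-01-20T09:19:12Z dev-contractor7 192.0.2.200
2025-01-20T09:20:00Z alice 192.0.2.15
2025-01-20T13:45:00Z bob 198.51.100.77
2025-01-20T18:10:00Z bob 203.0.113.9
"""

def parse_events(text):
    """Yield (time, account, ip) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        ts, account, ip = parts
        yield datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), account, ip

def flag_ip_churn(events, window=timedelta(minutes=30), max_ips=2):
    """Return {account: (first alert time, sorted IPs)} for every account
    seen from more than max_ips distinct addresses inside the window.
    The window and threshold are assumed values; tune them to the environment."""
    recent = defaultdict(deque)   # account -> recent (time, ip) pairs
    alerts = {}
    for when, account, ip in sorted(events):
        seen = recent[account]
        seen.append((when, ip))
        # Drop logins that have aged out of the sliding window.
        while when - seen[0][0] > window:
            seen.popleft()
        ips = {addr for _, addr in seen}
        if len(ips) > max_ips and account not in alerts:
            alerts[account] = (when, sorted(ips))
    return alerts

if __name__ == "__main__":
    for account, (when, ips) in flag_ip_churn(parse_events(SAMPLE_LOG)).items():
        print(f"{when.isoformat()} {account}: {len(ips)} source IPs: {', '.join(ips)}")
```

A legitimate user switching between home, mobile and VPN addresses can trip the same rule, so an alert like this is a prompt to review the account, not proof of compromise.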
Okay... (Score:2)
This blind-sided me.
Who in their effing sane brain chose to outsource sensitive data to NORTH Korea? Even South Korea is a bit dodgy just by proximity, nothing against them.
I would say they deserve it, but it isn't just the companies affected. It's the data.
I don't need to keep going on, but WTF? "Nigerian scams are on the rise, but we need a cheap place to outsource online support. They seem like a very affordable transition." ...????
Re:Okay... (Score:5, Interesting)
Re: (Score:2)
Re: (Score:2)
They are not hiring NK workers intentionally. They are fraudulently applying for remote work jobs as US citizens, using middlemen or sometimes AI to fool the employer during the interview process. https://www.justice.gov/opa/pr... [justice.gov]
Well that makes it seem a little less outright stupid for the companies. Perhaps I need to learn the trade of BS cheating to get work... I think the job I'm at will hold on to me for as long as it's in existence and (KEY HERE) hasn't been bought out because the owner is older than enough to retire with all of his savings. Not to mention the sale of the land. OMFG. When he bought it, it was like $100k. It's worth over a Mil now (at last check).
Back on topic, I think this is my last job but as retirement
Re: (Score:3)
A lot of US companies have entirely offshored development and IT, and the execs in the business see that as perfectly normal and ethical. Our CFO said the other day that our competition started out with its entire dev staff in Hyderabad and they're doing just fine, and we could be doing the same but the company values our "passion and commitment" (for now) so don't complain about the hiring freezes on "high cost of living locations" or not getting annual raises because tech workers in general have it waaay
Re: (Score:2)
They know exactly what they're doing. They just want cheap labor and plausible deniability.
Re: (Score:1)
Re: Questions around how to improve the hiring pr (Score:2)
The problem that so many commenters mention has a single common source: H. fricking R.
And if you are a corporate exec or hiring manager that loves your H.R. department then YOU are the problem.
Re: (Score:3)
NK IT workers are pretending to be located somewhere else. They have gotten quite good at it.
Re: (Score:2)
NK IT workers are pretending to be located somewhere else. They have gotten quite good at it.
I'm not so blind-sided anymore. Speaking of eyes, I can't even roll them because this is just another... thing. When this doesn't work anymore, the next thing will be....
Re: (Score:2)
It's pretty hard to hire anyone these days. I've probably interviewed 30+ people for engineering positions. A lot of them were cheating or just not qualified.
Re: (Score:2)
Yep. I have an interview on Monday for a permanent lecturer position in IT Security (not 100%). Basically to follow the process, but I will still take it seriously to be polite. All that I did was hint at the year-end event last year that I would be willing to do more than the one IT Security lecture I am doing for them at the moment (as external lecturer). They have been trying to find somebody for about 2 years now, nobody qualified applied and I did not want the professorship they advertised.
Everybody ha
Re:Okay... (Score:5, Informative)
There have been several stories on here about NK folks being employed through deceptive practices. In reverse order:
From August 2024, How not to Hire a North Korean IT Spy [slashdot.org]
From May 2024, Arizona Woman Accused of Helping North Koreans Get Remote IT Jobs At 300 Companies [slashdot.org].
And from April 2024, North Koreans Secretly Animated Amazon and Max Shows, Researchers Say [slashdot.org].
For the last story, it appears Amazon would have been unaware NK folks were doing the work because the hiring firms didn't do their diligence.
Perhaps having people come into the office for interviews isn't such a bad thing.
Re: (Score:3)
We spend trillions relentlessly and brutally tracking, preventing and punishing petty crime but when it comes to White collar stuff it's mostly underfunded bureaucrats who are in charge of overseeing it. More than once I have seen businesses keep track of which laws they are going to follow and which ones they're going to break based on the estimated c
"tricked" (Score:1)
Yeah. Tricked. It's not "sort by price and pick the lowest." They were "tricked."
Re: (Score:2)
Who is allowing contract developers to have access to their repos from non-controlled endpoints?
Basically everybody. Some banks still pay for company laptops, but they are an exception.
Re: sandboxes (Score:2)
Nice word salad. Plenty of jobs require ssh access to *nix dev environments and once you've got that - assuming scp is disabled - cut n paste from a terminal is slow but easy.
The other side of the work from home argument. (Score:4, Interesting)