HomeCyber SecurityNorth Korean IT Workers Conducting Data Extortion

North Korean IT Workers Conducting Data Extortion

The Federal Bureau of Investigation (FBI) is providing an update to previously shared guidance regarding Democratic People’s Republic of Korea (North Korea) Information Technology (IT) workers to raise public awareness of their increasingly malicious activity, which has recently included data extortion. FBI is warning the public, private sector, and international community about North Korean IT workers’ continued victimization of US-based businesses. In recent months, in addition to data extortion, FBI has observed North Korean IT workers leveraging unlawful access to company networks to exfiltrate proprietary and sensitive data, facilitate cyber-criminal activities, and conduct revenue-generating activity on behalf of the regime.

Extortion and Theft of Sensitive Company Data

  • After being discovered on company networks, North Korean IT workers have extorted victims by holding stolen proprietary data and code hostage until the companies meet ransom demands. In some instances, North Korean IT workers have publicly released victim companies’ proprietary code.
  • North Korean IT workers have copied company code repositories, such as GitHub, to their own user profiles and personal cloud accounts. While not uncommon among software developers, this activity represents a large-scale risk of theft of company code.
  • North Korean IT workers could attempt to harvest sensitive company credentials and session cookies to initiate work sessions from non-company devices and for further compromise opportunities.

Tips to Protect Your Business

Recommendations for Data Monitoring

  • Practice the Principle of Least Privilege on your networks, to include disabling local administrator accounts and limiting privileges for installing remote desktop applications.
  • Monitor and investigate unusual network traffic, to include remote connections to devices or the installation/presence of prohibited remote desktop protocols or software. North Korean IT workers often have multiple logins into one account in a short period of time from various IP addresses, often associated with different countries.
  • Monitor network logs and browser session activity to identify data exfiltration through easily accessible means such as shared drives, cloud accounts, and private code repositories.
  • Monitor endpoints for the use of software that allows for multiple audio/video calls to take place concurrently.

Recommendations for Strengthening Remote-Hiring Processes

  • Implement identity-verification processes during interviewing, onboarding, and throughout the employment of any remote worker. Cross-check HR systems for other applicants with the same resume content and/or contact information. North Korean IT workers have been observed using artificial intelligence and face-swapping technology during video job interviews to obfuscate their true identities.
  • Educate HR staff, hiring managers, and development teams regarding the North Korean IT worker threat, specifically focusing on changes in address or payment platforms during the onboarding process.
  • Review each applicant’s communication accounts as North Korean IT workers have reused phone numbers (particularly voice-over-IP numbers) and email addresses, on multiple resumes purportedly belonging to different applicants.
  • Verify third-party staffing firms conduct robust hiring practices and routinely audit those practices.
  • Use “soft” interview questions to ask applicants for specific details about their location or education background. North Korean IT workers often claim to have attended non-US educational institutions.
  • Check applicant resumes for typos and unusual nomenclature.
  • Complete as much of the hiring and onboarding process as possible in person.
ReportingIf you suspect you have been approached or victimized by a North Korean IT worker, FBI recommends taking the following actions:

  • Report the suspicious activity to the FBI’s Internet Crime Complaint Center (IC3) at www.IC3.gov as quickly as possible.
  • Evaluate network activity from the suspected employee and their assigned device(s), and use internal intrusion-detection software to capture activity on the suspected device(s).
spot_img
Technology For You
Technology For Youhttps://www.technologyforyou.org
Technology For You - One of the Leading Online TECHNOLOGY NEWS Media providing the Latest & Real-time news on Technology, Cyber Security, Smartphones/Gadgets, Apps, Startups, Careers, Tech Skills, Web Updates, Tech Industry News, Product Reviews and TechKnowledge...etc. Technology For You has always brought technology to the doorstep of the Industry through its exclusive content, updates, and expertise from industry leaders through its Online Tech News Website. Technology For You Provides Advertisers with a strong Digital Platform to reach lakhs of people in India as well as abroad.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

spot_img
spot_img

CYBER SECURITY NEWS

TECH NEWS

TOP NEWS

TECH NEWS & UPDATES