Sunday, April 13, 2025
HomeCyber Security NewsNorth Korean IT Workers Steal Companies Source Codes to Demand Ransomware

North Korean IT Workers Steal Companies Source Codes to Demand Ransomware

Published on

SIEM as a Service

Follow Us on Google News

The Federal Bureau of Investigation (FBI) has issued fresh warnings about malicious activities by North Korean IT workers targeting U.S.-based businesses.

According to the latest update, these IT workers are reportedly engaging in data extortion and stealing sensitive proprietary information, including source codes, from companies.

This activity supports revenue generation for the North Korean regime, raising alarms among private sector companies and international cybersecurity experts.

- Advertisement - Google News

Extortion Through Source Code Theft

The FBI revealed that the modus operandi of these workers involves infiltrating corporate networks and exfiltrating sensitive data, including company source codes.

Once discovered, they resort to extortion, holding the stolen data hostage while demanding ransom payments. In some instances, these perpetrators have gone as far as publicly releasing proprietary code to escalate pressure on the victim organizations.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free

What makes these incidents even more concerning is the techniques employed by North Korean IT workers.

They reportedly replicate entire company code repositories, such as those stored on platforms like GitHub, onto personal accounts.

These actions create business vulnerabilities, as the stolen source code and sensitive credentials can be misused to facilitate further cyberattacks or unauthorized system access.

Sophisticated Deception Tactics

The FBI also highlighted how North Korean operatives exploit remote hiring practices to secure jobs in IT roles.

They use advanced tactics like artificial intelligence and face-swapping technology to conceal their identities during video interviews.

Additionally, these workers have been known to reuse resumes, email addresses, and even phone numbers across multiple job applications, raising the need for companies to strengthen their hiring protocols.

The FBI has urged organizations to adopt proactive measures to protect their systems and data:

  1. Enhanced Data Monitoring: Businesses should monitor unusual network traffic and investigate instances of multiple logins from various IPs, especially across different countries.
  2. Strengthening Remote Hiring: Companies must implement rigorous identity verification during interviews and onboarding. HR teams are advised to review applicants’ backgrounds and verify details like education history and communication accounts.
  3. Restricting Network Privileges: Organizations should follow the principle of least privilege by disabling local administrator accounts and limiting access to remote desktop applications.

This recent wave of cyberattacks underscores the growing sophistication of North Korea’s cyber operations.

By leveraging stolen data for financial gain, the country continues to weaponize its IT workforce for state-sponsored revenue generation.

Integrating Application Security into Your CI/CD Workflows Using Jenkins & Jira -> Free Webinar

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Threat Actors Manipulate Search Results to Lure Users to Malicious Websites

Cybercriminals are increasingly exploiting search engine optimization (SEO) techniques and paid advertisements to manipulate...

Hackers Imitate Google Chrome Install Page on Google Play to Distribute Android Malware

Cybersecurity experts have unearthed an intricate cyber campaign that leverages deceptive websites posing as...

Dangling DNS Attack Allows Hackers to Take Over Organization’s Subdomain

Hackers are exploiting what's known as "Dangling DNS" records to take over corporate subdomains,...

HelloKitty Ransomware Returns, Launching Attacks on Windows, Linux, and ESXi Environments

Security researchers and cybersecurity experts have recently uncovered new variants of the notorious HelloKitty...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Threat Actors Manipulate Search Results to Lure Users to Malicious Websites

Cybercriminals are increasingly exploiting search engine optimization (SEO) techniques and paid advertisements to manipulate...

Hackers Imitate Google Chrome Install Page on Google Play to Distribute Android Malware

Cybersecurity experts have unearthed an intricate cyber campaign that leverages deceptive websites posing as...

Dangling DNS Attack Allows Hackers to Take Over Organization’s Subdomain

Hackers are exploiting what's known as "Dangling DNS" records to take over corporate subdomains,...