Saturday, February 8, 2025
HomeCyber Security NewsNorth Korean IT Workers Steal Companies Source Codes to Demand Ransomware

North Korean IT Workers Steal Companies Source Codes to Demand Ransomware

Published on

SIEM as a Service

Follow Us on Google News

The Federal Bureau of Investigation (FBI) has issued fresh warnings about malicious activities by North Korean IT workers targeting U.S.-based businesses.

According to the latest update, these IT workers are reportedly engaging in data extortion and stealing sensitive proprietary information, including source codes, from companies.

This activity supports revenue generation for the North Korean regime, raising alarms among private sector companies and international cybersecurity experts.

Extortion Through Source Code Theft

The FBI revealed that the modus operandi of these workers involves infiltrating corporate networks and exfiltrating sensitive data, including company source codes.

Once discovered, they resort to extortion, holding the stolen data hostage while demanding ransom payments. In some instances, these perpetrators have gone as far as publicly releasing proprietary code to escalate pressure on the victim organizations.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free

What makes these incidents even more concerning is the techniques employed by North Korean IT workers.

They reportedly replicate entire company code repositories, such as those stored on platforms like GitHub, onto personal accounts.

These actions create business vulnerabilities, as the stolen source code and sensitive credentials can be misused to facilitate further cyberattacks or unauthorized system access.

Sophisticated Deception Tactics

The FBI also highlighted how North Korean operatives exploit remote hiring practices to secure jobs in IT roles.

They use advanced tactics like artificial intelligence and face-swapping technology to conceal their identities during video interviews.

Additionally, these workers have been known to reuse resumes, email addresses, and even phone numbers across multiple job applications, raising the need for companies to strengthen their hiring protocols.

The FBI has urged organizations to adopt proactive measures to protect their systems and data:

  1. Enhanced Data Monitoring: Businesses should monitor unusual network traffic and investigate instances of multiple logins from various IPs, especially across different countries.
  2. Strengthening Remote Hiring: Companies must implement rigorous identity verification during interviews and onboarding. HR teams are advised to review applicants’ backgrounds and verify details like education history and communication accounts.
  3. Restricting Network Privileges: Organizations should follow the principle of least privilege by disabling local administrator accounts and limiting access to remote desktop applications.

This recent wave of cyberattacks underscores the growing sophistication of North Korea’s cyber operations.

By leveraging stolen data for financial gain, the country continues to weaponize its IT workforce for state-sponsored revenue generation.

Integrating Application Security into Your CI/CD Workflows Using Jenkins & Jira -> Free Webinar

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...

Cybercriminals Target IIS Servers to Spread BadIIS Malware

A recent wave of cyberattacks has revealed the exploitation of Microsoft Internet Information Services...

Hackers Leveraging Image & Video Attachments to Deliver Malware

Cybercriminals are increasingly exploiting image and video files to deliver malware, leveraging advanced techniques...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...

Cybercriminals Target IIS Servers to Spread BadIIS Malware

A recent wave of cyberattacks has revealed the exploitation of Microsoft Internet Information Services...