North Korean IT Workers Steal Companies Source Codes to Demand Ransomware

The Federal Bureau of Investigation (FBI) has issued fresh warnings about malicious activities by North Korean IT workers targeting U.S.-based businesses.

According to the latest update, these IT workers are reportedly engaging in data extortion and stealing sensitive proprietary information, including source codes, from companies.

This activity supports revenue generation for the North Korean regime, raising alarms among private sector companies and international cybersecurity experts.

Extortion Through Source Code Theft

The FBI revealed that the modus operandi of these workers involves infiltrating corporate networks and exfiltrating sensitive data, including company source codes.

Once discovered, they resort to extortion, holding the stolen data hostage while demanding ransom payments. In some instances, these perpetrators have gone as far as publicly releasing proprietary code to escalate pressure on the victim organizations.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free

What makes these incidents even more concerning is the techniques employed by North Korean IT workers.

They reportedly replicate entire company code repositories, such as those stored on platforms like GitHub, onto personal accounts.

These actions create business vulnerabilities, as the stolen source code and sensitive credentials can be misused to facilitate further cyberattacks or unauthorized system access.

Sophisticated Deception Tactics

The FBI also highlighted how North Korean operatives exploit remote hiring practices to secure jobs in IT roles.

They use advanced tactics like artificial intelligence and face-swapping technology to conceal their identities during video interviews.

Additionally, these workers have been known to reuse resumes, email addresses, and even phone numbers across multiple job applications, raising the need for companies to strengthen their hiring protocols.

The FBI has urged organizations to adopt proactive measures to protect their systems and data:

1. Enhanced Data Monitoring: Businesses should monitor unusual network traffic and investigate instances of multiple logins from various IPs, especially across different countries.
2. Strengthening Remote Hiring: Companies must implement rigorous identity verification during interviews and onboarding. HR teams are advised to review applicants’ backgrounds and verify details like education history and communication accounts.
3. Restricting Network Privileges: Organizations should follow the principle of least privilege by disabling local administrator accounts and limiting access to remote desktop applications.

This recent wave of cyberattacks underscores the growing sophistication of North Korea’s cyber operations.

By leveraging stolen data for financial gain, the country continues to weaponize its IT workforce for state-sponsored revenue generation.

Integrating Application Security into Your CI/CD Workflows Using Jenkins & Jira -> Free Webinar