- The FBI letter follows three previous ones in as many years
- The declaration aims to educate companies and avoid national collaborators
- Suggested remedies include employing endpoint protection on computer systems and checking applications for “typos and unusual nomenclature”
The FBI has claimed that North Korean IT workers are extorting US companies that have hired them by taking advantage of their access to stealing source code.
In a statement, the agency warned employees of national and international companies turned threat actors, “facilitate cyber activities and conduct revenue-generating activities” using stolen data “on behalf of the regime.”
It recommended endpoint protection and monitoring network logs to identify where data has been compromised on “easily accessible media” such as internal shared drives and cloud storage drives.
FBI Guide to Remote Hiring Processes
The FBI also recommended a litany of actions that amount to knowing who you're hiring, which sounds like good practice, even if you're not particularly concerned about unintentionally hiring a threat actor.
It recommended strict identity verification processes throughout the recruitment process and cross-checking applicants' details against those of others in the stack and in different HR systems.
They also claimed that these applicants are using AI tools to obfuscate their identities, but, if true, they offered little advice to counteract them beyond conducting in-person recruiting processes; which is not always possible.
The agency also suggested that recruiters ask applicants “soft questions” about their whereabouts and identity, but we suggest this is generally good practice.
North Korean IT workers have been a target of the FBI for some time, having issued separate guidance in 2022, 2023 and 2024. In the latter, it expressed concern that people based in the United States were , knowingly or unknowingly helping to facilitate state threat actors by establishing US-based infrastructure such as front-end addresses and companies.
