The FBI has warned public- and private-sector organizations across the U.S. that North Korean IT workers are exfiltrating source code from, and extorting, the entities they have remotely infiltrated, reports BleepingComputer.
"North Korean IT workers could attempt to harvest sensitive company credentials and session cookies to initiate work sessions from non-company devices and for further compromise opportunities," said the FBI in an advisory, which recommended countering potential compromise by deactivating local admin accounts and restricting remote desktop app permissions, as well as by increasing network traffic monitoring and reviewing network logs more extensively. To avoid hiring North Korean IT workers, the FBI also urged organizations to vet their third-party staffing firms, ask applicants about their location and educational background, examine resumes more closely, and strive for a mostly in-person onboarding process. The alert comes as the U.S. Justice Department has indicted a pair of North Koreans and three others over their involvement in a years-long fake remote IT worker scheme aimed at dozens of U.S. firms.