FBI: North Korean IT Workers Steal Source Code To Extort Employers

The FBI warned this week that North Korean IT workers are abusing their access to steal source code and extort U.S. companies that have been tricked into hiring them. From a report: The security service alerted public and private sector organizations in the United States and worldwide that North Korea's IT army will facilitate cyber-criminal activities and demand ransoms not to leak online exfiltrated sensitive data stolen from their employers' networks. 'North Korean IT workers have copied company code repositories, such as GitHub, to their own user profiles and personal cloud accounts. While not uncommon among software developers, this activity represents a large-scale risk of theft of company code,' the FBI said.

'North Korean IT workers could attempt to harvest sensitive company credentials and session cookies to initiate work sessions from non-company devices and for further compromise opportunities.' To mitigate these risks, the FBI advised companies to apply the principle of least privilege by disabling local administrator accounts and limiting permissions for remote desktop applications. Organizations should also monitor for unusual network traffic, especially remote connections since North Korean IT personnel often log into the same account from various IP addresses over a short period of time.

Read more of this story at Slashdot.