FBI warns of North Korean hackers using VPNs to infiltrate businesses
VPN services, stolen identification documents and fake social media accounts: These are some of the methods North Korean hackers have used to trick US companies into hiring them as IT telecommuters, the FBI warns.
Although they are unsure when the campaign began, researchers believe that thousands of IT freelancers from North Korea have managed to land jobs at US companies over at least the past five years by hiding their identities. It is believed that the workers use the money they earn to finance Kim Jong-un’s weapons, and that they also steal trade secrets and plant malware.
Following the latest evidence, both US and South Korean authorities have updated their guidelines to help employers avoid hiring North Korean agents as freelancers.
FBI guidance on DPRK IT workers
“North Korea has flooded the global marketplace with ill-intentioned information technology workers,” said Jay Greenberg, FBI agent in charge of the St. Louis Division, The Register reports.
In the latest effort to curb the activities of North Korean hackers, Greenberg’s division seized approximately $1.5 million and 17 web domain names used in the deceptive campaign as part of the investigation. However, it is believed that workers affiliated with the Democratic People’s Republic of Korea (DPRK) are still infiltrating companies.
“This scheme is so prevalent that companies need to be vigilant about verifying who they hire,” he said.
According to authorities, malicious North Korean IT workers have used various techniques to deceive employers while concealing their real identities. Stolen or forged identity documents were used to easily pass online identity checks. It is believed that hackers have even paid US individuals to attend online interviews and video conferences on their behalf.
On a more technical level, they use virtual private networks to spoof their IP address location and increase their anonymity. They also create fake social media accounts and/or fake company websites to make themselves appear more legitimate.
The #FBI and its partners provide an update on the craftsmanship used by North Korean IT workers, with new activity indicators and due diligence measures. Hiring or supporting these employees comes with many risks, from theft to legal consequences. Read more at: https://t.co/cz6bNr7IKk (October 18, 2023)
“At a minimum, the FBI recommends that employers take additional proactive steps with remote IT workers to make it more difficult for bad actors to conceal their identities,” Greenberg continued.
As part of the new recommendations, authorities advise keeping an eye out for suspicious behavior. This includes repeated demands for advance payment accompanied by threats to release proprietary source code, continued refusal to appear on camera or take drug tests, using ever-changing freight addresses instead of their home addresses, and more.
The FBI also recommends that employers conduct an online background check to assess whether the same identity is associated with multiple different profiles, while recording all interactions with potential employees.
On the security side, employers should always require their freelancers to disable their private VPN when accessing company networks. Business owners are also being urged to adopt a strict ‘zero-trust’ cybersecurity approach, denying remote employees access to sensitive company information wherever possible.
It’s also worth remembering that while the tech sector is the biggest target due to higher average salaries, this is just one of the areas in which North Korean hackers are active, John Hultquist, head of threat intelligence at the cybersecurity firm Mandiant, told the Associated Press.
Greenberg said: “Without due diligence, companies risk losing money or being compromised by insider threats they unknowingly invited into their systems.”