The FBI has issued a warning about North Korean programmers who are stealing source code and confidential data from US companies for extortion purposes.
These workers, who are often hired remotely, use their access to company systems to copy code from repositories like GitHub.
Once hired, they can use the stolen credentials to access company networks from different locations and cause further damage. Once fired, these employees threaten to leak stolen data if companies don't pay a ransom.
To protect against this, the FBI advises companies to restrict remote access permissions, monitor unusual network activity, and thoroughly vet candidates during hiring. This includes identity checks and reviewing resumes for inconsistencies. They also recommend working with staffing firms that adhere to strict hiring practices.
North Korean IT professionals are infiltrating companies around the world, using fake identities and other technologies to hide their past.