CyberSecurity news
@ofac.treasury.gov - 36d
North Korean IT workers are increasingly engaging in aggressive extortion tactics against companies that unknowingly hired them. The FBI and Mandiant have issued warnings about these workers, who exploit remote access to steal sensitive data and demand ransom payments. After being discovered, some of these workers hold stolen data and proprietary code hostage, threatening to publicly release it if demands are not met. There have also been reports of workers attempting to steal code repositories, company credentials, and session cookies for further compromise.
This escalation in tactics is attributed to increased law enforcement action, sanctions, and media coverage, which have impacted the success of their schemes. The US Department of Justice has indicted several individuals, including North Korean nationals, for their involvement in elaborate "laptop farm" schemes. These schemes involve using stolen identities, forged documents and remote access software to deceive companies into hiring North Korean IT workers and generating revenue for the DPRK regime. The indicted individuals are accused of generating over $800,000, which was then laundered, highlighting the sophistication and reach of this cybercrime operation.
Classification:
- HashTags: #NorthKorea #CyberExtortion #ITWorkerFraud
- Target: Various Enterprises
- Attacker: North Korea
- Feature: IT Worker Scheme
- Type: Espionage
- Severity: Major