North Korean IT Workers Targeting US Businesses: FBI Warns

Warning Issued by Federal Bureau of Investigation

The Federal Bureau of Investigation (FBI) has issued a warning to US businesses and individuals about the threat posed by North Korean IT workers who are evading sanctions by targeting private companies in the United States.

Techniques Used by North Korean IT Workers

According to the FBI, these IT workers use various techniques to obfuscate their identities, including:

• Leveraging unwitting US-based individuals to gain fraudulent employment and access to US company networks
• Using remote desktop connections and other unauthorized means to access company networks
• Setting up US-based infrastructure
• Reshipping laptops to North Korea
• Creating financial accounts

They have also been known to create fake job postings on popular job search sites and attend virtual interviews on behalf of North Korean IT workers.

Recommendations for Protection

To protect themselves from these schemes, the FBI recommends that businesses implement identity verification processes during hiring, including:

• Monitoring applicants for changes in addresses
• Noting unusual network traffic or inconsistencies in interviews

Individuals are also advised to be cautious when receiving seemingly random job offers or outreach on social media platforms. If you receive a W-4 or 1099-NEC form for a job you didn’t hold, contact the business and the FBI immediately.

Reporting Suspicious Activity

If you suspect that your business has been targeted by a North Korean IT worker scheme, report it to the FBI’s Internet Crime Complaint Center (IC3) and evaluate network activity from the suspected employee.