Summary: The FBI has updated its guidance on North Korean IT workers, highlighting their malicious activities including data extortion and theft of sensitive company information. These workers have been leveraging unlawful access to networks to exfiltrate data and conduct cyber-criminal activities. The FBI warns of the increasing threat posed by these actors to U.S.-based businesses and provides recommendations for protection and reporting suspicious activities.
Threat Actor: North Korean IT Workers | North Korean IT Workers
Victim: U.S.-based Businesses | U.S.-based Businesses
Keypoints :
- North Korean IT workers have been extorting companies by holding stolen proprietary data hostage.
- They have been observed copying company code repositories to personal accounts, posing a significant risk of theft.
- Recommendations include implementing identity-verification processes and monitoring network activity for unusual behavior.
Source: https://www.ic3.gov/PSA/2025/PSA250123