- The FBI missive follows three previous ones in as many years
- The Declaration aims to educate businesses and keep national employees away
- The suggested solutions include using final points protection on computer systems and applications verification to detect “unusual striking faults and nomenclatures”.
The FBI said that North Korean computer scientists extorted the American companies that had hired them by operating their access to steal the source code.
In a press release, the agency warned that employees of national and international companies have become threat actors, “facilitate cybercriminal activities and carry out income -generating activities by using stolen data” in the name of the regime “.
It recommends the protection of final points and the monitoring of network newspapers to identify the places where the data has been compromised by “easily accessible means” such as shared internal discs and cloud storage discs.
FBI advice on remote recruitment processes
The FBI has also recommended a litany of actions which all come back to take care to know who you hire, which seems to be a good practice even if you are not particularly worried to involuntarily hire a threatening actor.
He recommends rigorous identity verification processes throughout the recruitment process and a cross -checking of candidates with that of other candidates and in various HR systems.
He also said that these candidates used AI tools to hide their identity, but if this was true, he only offered little advice to counter them beyond the conduct of recruitment processes in person; Which is not always possible.
The agency has also suggested to recruiters to ask candidates for “soft questions” on their location and identity, but we suggest that this also constitutes good practice at all levels.
North Korean computer scientists have been the target of the FBI for some time, having published separate directives in 2022, 2023 and 2024. In the latter, he was worried that individuals based in the United States helped, knowingly or unconsciously , to facilitate activities sponsored by the state. Threatening players by setting up an infrastructure based in the United States, such as postal addresses and businesses.
