Beware: North Korean Threats Targeting Remote Workers - What Employers Must Know

NYDFS Issues Urgent Warning

The New York Department of Financial Services (NYDFS) has recently issued a cautionary note to regulated entities regarding the growing threats posed by individuals from North Korea applying for remote technology positions. These threat actors are attempting to infiltrate U.S. company systems under the pretense of seeking employment in Information Technology.

Tactics Used by Threat Actors

These applicants often masquerade as residents of the U.S. or other countries, employing false identities and stolen credentials. They utilize proxy accounts belonging to U.S. individuals, some of whom may knowingly sell their identities. Additionally, they engage in tactics such as:

• Using VPNs to mask their actual locations
• Avoiding video or in-person interviews
• Requesting devices to be shipped to various locations before employment

Recommended Security Measures

To safeguard against these threats, the NYDFS recommends that companies take the following steps:

• Raise awareness among executives and HR about these potential risks through targeted training
• Conduct thorough background checks and identity verification during the hiring process
• Implement technical controls to monitor and track corporate devices
• Limit remote employees' access to only necessary systems and data
• Report suspicious activities to the FBI’s Internal Crime Complaint Center

The NYDFS guidance provides more detailed protocols and examples for implementing these recommendations, emphasizing the importance of vigilance in the current remote work landscape. Federal agencies, including the U.S. Departments of State and Treasury and the FBI, are also actively addressing this threat.