(TLP:CLEAR) Cross-Sector ISAC Report: Threat Overview and Mitigations for the North Korea IT Worker Problem
Created: Thursday, July 10, 2025 - 14:50
Categories: Cybersecurity, Security Preparedness
Summary: WaterISAC is sharing a cross-sector report co-authored by several leading Information Sharing and Analysis Centers (ISACs), including WaterISAC, that focuses on the continuing threat of North Korea IT workers on U.S. organizations. The report brings further awareness to what appears to be an enduring threat that many communities and sectors may not fully understand or appreciate the extent of. Leaders are encouraged to pause, take the time to understand this threat, consider mitigation guidance, and have the appropriate conversations with staff across their organization.
Analyst Note: Insider threats continue to pose a persistent threat to the water and wastewater sector. Furthermore, this campaign underscores the growing security threat that hostile nation states – Russia, China, Iran, and North Korea – pose to critical infrastructure organizations.
The campaign’s goals are to gain employment at an organization for two distinct purposes:
- To get paid as a freelance / contract worker, which will generate revenue for North Korean programs.
- While some workers may complete activities to earn a paycheck, they may also use their access to the organization’s network to collect sensitive or proprietary information, which they can later use to extort the company.
Organizations are encouraged to conduct an end-to-end review of their employee population and their applicants (pending or previously applied) to assess the risk within the organization. Using the indicators mentioned in the report, organizations can quickly understand the impact, if any, and ultimately strengthen their processes against this threat or others.
Original Source: Access the full report below.
Additional Reading:
- Justice Department Announces Coordinated, Nationwide Actions to Combat North Korean Remote Information Technology Workers’ Illicit Revenue Generation Schemes
- FBI Public Service Announcement: North Korean IT Workers Conducting Data Extortion
Related WaterISAC PIRs: 6, 7, 10, 12