Agency Report
A company has fallen victim to a cyberattack after inadvertently employing a North Korean criminal as a remote IT technician. The unidentified firm was deceived when the hacker falsified his employment history and personal information.
Access Granted and Data Compromised
Once hired, the technician gained access to the company’s computer network, where he proceeded to download sensitive data. Shortly thereafter, he issued a ransom demand to the firm, which operates in the UK, US, or Australia, but has chosen to remain unnamed. The company has collaborated with cyber responders to alert others about the breach.
The Infiltration
According to cybersecurity experts, the IT worker, believed to be male, was contracted during the summer. Using the firm’s remote working tools, he logged into the corporate network and covertly downloaded extensive company data shortly after gaining access to the internal systems. He worked for four months, collecting a salary that researchers suspect was funneled back to North Korea through a complex laundering scheme designed to circumvent international sanctions.
Ransom Demand
After the firm terminated his employment due to poor performance, it received ransom emails that included some of the stolen data and a demand for a six-figure sum in cryptocurrency. The hacker warned that if the ransom was not paid, he would publish or sell the stolen information online. The firm has not disclosed whether it paid the ransom.
Rising Threat of North Korean Infiltration
Since 2022, authorities have sounded the alarm about the increasing number of North Korean operatives infiltrating Western companies. The US and South Korea accuse North Korea of deploying thousands of workers to secure lucrative remote positions to generate revenue for the regime and evade sanctions.
Unmasking Deceptive Profiles
Recent findings indicate that many Fortune 100 companies have unwittingly hired North Korean workers. Cyber researchers have uncovered fake profiles with fabricated credentials used by these individuals to secure employment.
Escalating Cyber Risks
The trend of IT workers turning against their employers in cyberattacks is considered rare, according to a Director of Threat Intelligence. “This is a serious escalation of the risk from fraudulent North Korean IT worker schemes,” he stated. “No longer are they just after a steady paycheck; they are looking for higher sums, more quickly, through data theft and extortion, from inside the company defenses.”
A Cautionary Tale
This incident follows a similar case in July when another North Korean IT worker attempted to hack his employer. The hiring firm quickly disabled the worker’s access upon noticing unusual activity.
Authorities are urging companies to exercise caution when hiring new remote employees, emphasizing the importance of thorough background checks and verification processes.