Company Hacked After Hiring North Korean Cybercriminal as Remote IT Worker
A company, which remains unnamed, has fallen victim to a significant data breach after unknowingly hiring a North Korean cybercriminal as a remote IT contractor. The cyber attacker, who faked their identity and employment credentials, gained access to the firm’s sensitive systems, ultimately leading to a data theft incident and ransom demand.
The hack was discovered after the employee, who worked for the company for four months, was dismissed for poor performance. It was revealed that during this time, the criminal had used the company’s remote access tools to download confidential information. Following the dismissal, the hacker sent the firm a ransom email demanding a six-figure cryptocurrency payment in exchange for not releasing or selling the stolen data online.
The firm, based in either the UK, US, or Australia, has chosen to remain anonymous. However, it permitted cybersecurity experts from Secureworks, who investigated the breach, to report the case in order to raise awareness about the growing threat of North Korean operatives infiltrating global companies. This incident is part of a rising trend in which North Korean workers have posed as IT professionals, seeking employment with Western firms as a means to funnel earnings back to the North Korean regime, avoiding international sanctions.
Rafe Pilling, Director of Threat Intelligence at Secureworks, highlighted the gravity of the situation, stating, “This marks a serious escalation, where fraudulent North Korean IT workers are no longer just looking for regular salaries but are engaging in data theft and extortion from within the company.”
Authorities have been cautioning businesses about the risks posed by fully remote hires, especially as North Korea has reportedly tasked thousands of its citizens with working covertly in Western companies. In previous cases, cybersecurity firms like Mandiant have identified similar incidents, with North Koreans infiltrating major corporations. However, incidents involving internal attacks, such as this one, are relatively rare.
This case adds to the growing concerns over cyber infiltration by North Korean operatives, with experts urging companies to exercise greater caution when hiring remote employees.
The firm has not disclosed whether it paid the ransom.