A company recently found itself in a difficult situation after it accidentally hired a North Korean IT worker, who later stole sensitive data and attempted to extort the company after being fired. According to the BBC, the unidentified firm, which is based in the UK, US and Australia, hired the North Korean cyber criminal after he faked his employment history and personal details. He was hired in the summers as a contractor and worked for the firm for four months. Once he had access to the company’s computer network, he downloaded sensitive company data and sent a ransom demand.
The BBC reported that the man used the firm’s remote working tools to log into the corporate network. He then secretly downloaded as much company data as possible as soon as he had gained access to internal systems.
Once the company fired him for poor performance, it reportedly received emails containing some of the stolen data and a demand to be paid a six-figure sum in cryptocurrency. If the company did not pay, the hacker said he would publish or sell the stolen information online.
The company did not wish to be named. It also did not disclose whether they paid the ransom or not. However, the firm allowed cyber responders from Secureworks to report the hack to spread awareness and warn others.
Secureworks reported that this incident is the latest in a string of cases of Western remote workers being unmasked as North Koreans. Once hired, these cyber criminals use their employee access to download sensitive company data. In some cases, they use the data to extort their former employers.
Also Read | Organ Donor In US Wakes Up On Operating Table As Doctors Prepare To Remove His Heart
Cybersecurity authorities have been warning about the rise of North Korean infiltrators since 2022. The US and South Korea have also accused North Korea of tasking thousands of staff to take on multiple well-paid Western roles remotely to earn money for the regime and avoid sanctions. However, according to Rafe Pilling, Director of Threat Intelligence at Secureworks, secret IT workers turning on their employers with cyber attacks is rare.
“This is a serious escalation of the risk from fraudulent North Korean IT worker schemes,” Mr Pilling was quoted as saying by the BBC. “No longer are they just after a steady pay check, they are looking for higher sums, more quickly, through data theft and extortion, from inside the company defences.”
Authorities warned employers to be vigilant about new hired if they are fully remote.
