Company hit by cyberattack after hiring North Korean criminal

A company fell victim to a hacker attack after inadvertently hiring a North Korean cybercriminal as a remote IT employee. The as-yet-unidentified company hired the technician who falsified his work history and personal information.

After gaining access to the company’s computer network, the hacker stole sensitive company data and demanded a ransom. The company, based in the UK, USA or Australia, has decided not to reveal its identity.

In response, SecureWorks cyber responders were brought in to report the hack and raise awareness to prevent similar incidents. According to Secureworks, the person, who is believed to be male, was hired as an IT employee in the summer.

Using the company’s remote work tools, he accessed the company network and secretly downloaded significant amounts of company data. The person remained employed at the company for four months and received a salary.

Researchers suspect that the salary was probably funneled to North Korea through a complex money laundering process to avoid Western sanctions.

After the company was fired for poor performance, I received ransom emails with some of the stolen data and a demand for a six-figure amount in cryptocurrency.

The hacker threatened to publish or sell the stolen information online if the company did not comply. The company did not disclose whether the ransom was paid.

The United States and South Korea have accused North Korea of ​​hiring thousands of people to remotely take on multiple well-paid Western roles to generate revenue for the regime and evade sanctions.

In September, cybersecurity firm Mandiant reported that dozens of Fortune 100 companies had accidentally employed North Koreans.

The incident is the latest in a series of cases in which remote workers in the Western world were found to be North Koreans.