Company hacked after accidentally hiring a North Korean cybercriminal for a remote job

A company recently found itself in a difficult situation after accidentally hiring a North Korean IT employee who later stole sensitive data and attempted to blackmail the company after being fired. According to the BBCThe unidentified company, based in the UK, US and Australia, hired the North Korean cybercriminal after he falsified his work history and personal information. He was hired as a contractor in the summer and worked for the company for four months. Once he had access to the company’s computer network, he downloaded sensitive company data and demanded a ransom.

The BBC reported that the man was using the company’s remote work tools to log into the company network. He then secretly downloaded as much company data as possible once he gained access to internal systems.

After the company fired him for poor performance, it reportedly received emails containing some of the stolen data and a demand to pay a six-figure sum in cryptocurrency. If the company didn’t pay, the hacker said he would publish or sell the stolen information online.

The company did not want to be named. It was also not disclosed whether they had paid the ransom or not. However, the company allowed Secureworks cyber responders to report the hack to raise awareness and warn others.

Secureworks reported that this incident is the latest in a series of cases in which Western remote workers have been exposed as North Koreans. Once hired, these cybercriminals use their employees’ access to download sensitive company data. In some cases, they use the data to blackmail their former employers.

Also read | Organ donor in US wakes up on operating table as doctors prepare to remove his heart

Cybersecurity authorities have been warning about the rise of North Korean intrusions since 2022. The United States and South Korea have also accused North Korea of ​​hiring thousands of employees to take on multiple well-paid Western roles remotely to make money for the regime and avoid sanctions. However, according to Rafe Pilling, Director of Threat Intelligence at Secureworks, it is rare for clandestine IT employees to target their employers with cyberattacks.

“This is a serious escalation in the risk of fraudulent North Korean IT employee programs,” Mr. Pilling was quoted as saying by the BBC. “They are no longer just looking for a steady paycheck, but are more quickly seeking larger amounts through data theft and corporate defense extortion.”

Authorities warned employers to be vigilant about new hires working entirely from home.