The company was hacked after accidentally hiring a North Korean cybercriminal for a remote IT position

An unknown company fell victim to a North Korean cybercriminal who was hired as a remote IT worker and hacked the company’s system, the BBC reported. The company, based in the UK, US and Australia, did not want to be named.

The company hired the North Korean technician online, who falsified his work history and personal information.

After gaining access to the company’s computer network, the hacker downloaded sensitive data and demanded a ransom.

This is the latest case in a series of such cyber crimes in which a North Korean man was disguised as a Western remote worker.

The company allowed SecureWorks cyber responders to report the hack to raise awareness and warn others. Secureworks said the IT employee, believed to be a man, was hired as a contractor over the summer. He used the company’s remote work tools to log into the company network.

He then downloaded as much company data as possible once he gained access to internal systems. The man worked for the company for four months and even collected his salary.

Researchers say this was likely diverted to North Korea in a complex money laundering process to evade Western sanctions against the country.

View | “Cybercrime is the new geopolitical weapon:” Former Foreign Minister Shyam Saran

After the company fired him for poor performance, it received ransom emails containing some of the stolen data and demanding a six-figure amount to be paid in cryptocurrency.

The man threatens to publish or sell all stolen information online if his demands are not met. The company did not disclose whether it paid the ransom.

This case was not an isolated incident – cybersecurity authorities have been warning about the increase in North Korean intrusions since 2022.

The United States and South Korea have accused North Korea of ​​hiring thousands of employees to take on multiple well-paid Western roles remotely to make money for the regime and avoid sanctions.

In September, cybersecurity company Mandiant announced that dozens of Fortune 100 companies had accidentally hired North Koreans. However, cases of North Korean employees hacking their employers remain rare.

“This is a serious escalation of risk from fraudulent North Korean IT employee programs,” Rafe Pilling, director of threat intelligence at Secureworks, was quoted as saying by the BBC.

“They are no longer just looking for a steady paycheck, but are more quickly seeking larger amounts through data theft and corporate defense extortion.”

(With contributions from agencies)