A company recently found itself in a tough spot after accidentally hiring a North Korean IT worker, who later stole sensitive data and tried to extort the company after he was fired. According to the BBCthe unknown company, based in Britain, the US and Australia, hired the North Korean cybercriminal after falsifying his employment history and personal information. He was hired as a contractor in the summer and worked for the company for four months. Once he gained access to the company’s computer network, he downloaded sensitive company data and sent a ransom demand.
The BBC reported that the man used the company’s remote work tools to log into the company network. He then secretly downloaded as much company data as possible once he gained access to internal systems.
After the company fired him for poor performance, it reportedly received emails containing some of the stolen data and a demand to pay a six-figure sum in cryptocurrency. If the company didn’t pay, the hacker said he would publish or sell the stolen information online.
The company did not want to be named. It also did not reveal whether they paid the ransom or not. However, the company allowed Secureworks cyber responders to report the hack to raise awareness and warn others.
Secureworks reported that this incident is the latest in a series of cases where Western remote workers have been exposed as North Koreans. Once hired, these cybercriminals use their employees’ access to download sensitive company data. In some cases, they use the data to extort their former employers.
Also read | Organ donor in the US wakes up on the operating table as doctors prepare to remove his heart
Cyber security authorities have been warning about the rise of North Korean infiltrators since 2022. The US and South Korea have also accused North Korea of ordering thousands of employees to take on multiple high-paying Western positions remotely to make money for the regime and avoid sanctions. However, according to Rafe Pilling, director of Threat Intelligence at Secureworks, it is rare for covert IT workers to turn against their employers with cyber attacks.
“This is a serious escalation in the risk of fraudulent North Korean IT employee schemes,” Pilling told the BBC. BBC. “They are no longer just looking for a stable salary, they are looking for higher amounts, faster, through data theft and extortion, from the defense of the company.”
Authorities warned employers to be vigilant about new hires if they are fully remote.