Company hacked after accidentally hiring North Korean cyber criminal as remote IT worker
Oct 18, 2024
A North Korean cyber criminal managed to get hired as a remote IT worker at an unidentified company and proceeded to hack it, the BBC has reported.
The company, based either in the UK, US or Australia, did not wish to be named. However, it allowed cybersecurity firm Secureworks to publish details of the cyber attack to highlight growing infiltration by North Korean cyber criminals.
Here’s what happened
Secureworks reported how North Korean criminals have begun using falsified data to get hired at Western companies as remote employees. Once hired, these criminals use their employee access to download sensitive company data. In some cases, they use the data to extort their former employers.
In one particular case, reported by BBC, the cyber criminal, believed to be a man, was hired in the summer as a contractor. Using his remote working tools and employee access, he managed to hack into the corporate network.
The North Korean criminal began downloading sensitive information about the firm as soon as he gained access. While he was transferring confidential information outside the company, he collected a salary from the firm too.
In fact, the cyber criminal managed to collect four months’ salary before he was fired for poor performance. However, the company began to receive ransom emails after sacking the remote worker.
The criminal posing as an IT contractor threatened to sell or publish the sensitive data if he was not paid. It is not clear whether the company paid the demanded ransom.
This case was not an isolated incident - cybersecurity authorities have been warning about the rise of North Korean infiltrators since 2022.
Western countries accuse North Korean workers of using fake data to get hired at well-paid, remote positions online, thereby bypassing sanctions. However, cases of North Korean employees hacking their employers remain rare.
"This is a serious escalation of the risk from fraudulent North Korean IT worker schemes," Rafe Pilling, Director of Threat Intelligence at Secureworks, was quoted as saying by the BBC.
"No longer are they just after a steady pay check, they are looking for higher sums, more quickly, through data theft and extortion, from inside the company defences."
[The Hindustan Times]