A company has fallen victim to a cyber attack after inadvertently hiring a North Korean hacker as a remote IT contractor. The unidentified firm, which operates in the UK, US, or Australia, was targeted after the technician falsified his employment history and personal details to secure the position.
The incident highlights growing concerns over the infiltration of Western companies by North Korean cybercriminals, with experts noting a rise in such cases in recent years. The company allowed cybersecurity responders from Secureworks to disclose the breach in a bid to raise awareness among other organizations.
The technician, believed to be a man, was contracted during the summer and quickly gained access to the company’s computer network using remote working tools. Once inside, he downloaded sensitive data before issuing a ransom demand to the firm. After working for four months and receiving a salary, the contractor was terminated due to poor performance. It is suspected that his earnings were funneled back to North Korea through complex laundering schemes designed to evade Western sanctions.
Following his dismissal, the firm received ransom emails containing some of the stolen data along with a demand for a six-figure payment in cryptocurrency. The hacker threatened to publish or sell the stolen information online if the ransom was not paid. The company has not disclosed whether it complied with the ransom demand.
This incident is part of a disturbing trend, as authorities and cybersecurity experts have warned of an increasing number of covert North Korean workers infiltrating Western firms. The US and South Korea allege that North Korea has tasked thousands of individuals with taking on high-paying remote jobs to generate revenue for the regime and circumvent international sanctions.
In September, cybersecurity firm Mandiant reported that dozens of Fortune 100 companies had unknowingly hired North Koreans. Rafe Pilling, Director of Threat Intelligence at Secureworks, described this incident as a “serious escalation of the risk” posed by fraudulent North Korean IT workers. “No longer are they just after a steady paycheck; they are looking for higher sums, more quickly, through data theft and extortion from inside the company defenses,” he noted.
This incident follows another case in July when a North Korean IT worker attempted to hack their employer, cybersecurity firm KnowBe4. The company quickly disabled the worker’s access after detecting suspicious behavior, highlighting the importance of vigilance in hiring practices.
Authorities are urging employers to exercise caution when onboarding new hires, especially those in fully remote positions, to safeguard against potential cyber threats. The incident serves as a stark reminder of the risks associated with remote work and the need for thorough vetting processes.