A shocking incident has come to light in which a company fell victim to a cyber attack after unknowingly hiring a North Korean hacker as a remote IT worker. The unidentified firm, based in the UK, US, or Australia, made the grave mistake of hiring a technician who had falsified his employment history and personal details.
Once granted access to the company’s computer network, the hacker wasted no time in downloading sensitive company data and sending a ransom demand. The company, whose name has not been disclosed, has allowed cyber responders from Secureworks to report the hack in order to spread awareness and caution others about such risks.
This incident is just one in a series of cases in which North Korean individuals have infiltrated western companies as remote workers. The hacker, believed to be a man, was hired as a contractor and managed to work for the firm for four months, collecting a salary that was likely redirected to North Korea through a complex laundering process.
After being terminated for poor performance, the hacker retaliated by sending ransom emails containing stolen data and demanding a hefty sum in cryptocurrency. The company was left with a difficult decision to make – pay the ransom or risk having its information leaked or sold online.
Authorities and cyber defenders have been warning about the increasing trend of secret North Korean workers infiltrating western companies since 2022. While it is not uncommon for North Koreans to take on multiple remote roles to earn money for their regime, instances of these workers turning on their employers with cyber attacks are rare.
Rafe Pilling, Director of Threat Intelligence at Secureworks, emphasized the seriousness of the situation, stating, “This is a serious escalation of the risk from fraudulent North Korean IT worker schemes.” The case serves as a stark reminder for companies to be vigilant when hiring remote workers and to take necessary precautions to protect their data and systems from potential threats.