A company has been hacked after accidentally hiring a North Korean cyber criminal as a remote IT worker. The unidentified firm hired the technician after he faked his employment history and personal details. Once given access to the company’s computer network, the hacker downloaded sensitive company data and sent a ransom demand.
The firm, which is based in the UK, US, or Australia, did not want to be named. It has allowed cyber responders from Secureworks to report the hack to spread awareness and warn others. This incident is the latest in a string of cases of western remote workers being unmasked as North Koreans.
Secureworks said the IT worker, thought to be a man, was hired in the summer as a contractor. He used the firm’s remote working tools to log into the corporate network and secretly downloaded as much company data as possible as soon as he had gained access to internal systems. He worked for the firm for four months, collecting a salary that was likely redirected to North Korea through a complex laundering process to evade western sanctions on the country.
After the company sacked him for poor performance, it received ransom emails containing some of the stolen data and a demand for a six-figure sum in cryptocurrency.
North Korean hackers infiltrate companies
If the company did not pay, the hacker threatened to publish or sell the stolen information online.
The firm did not disclose whether the ransom was paid. Since 2022, authorities and cyber defenders have warned about the rise of North Korean workers infiltrating western companies. The US and South Korea accuse North Korea of tasking thousands of staff to take on multiple well-paid western roles remotely to earn money for the regime and avoid sanctions.
In September, cybersecurity company Mandiant found that dozens of Fortune 100 companies had accidentally hired North Koreans. However, secret IT workers turning on their employers with cyber attacks is rare, according to Rafe Pilling, Director of Threat Intelligence at Secureworks. “This is a serious escalation of the risk from fraudulent North Korean IT worker schemes,” he said.
“No longer are they just after a steady paycheck; they are looking for higher sums more quickly through data theft and extortion from inside the company defenses.”
The incident follows another case where a North Korean IT worker was caught attempting to hack their employer in July. The IT worker was hired by the cybersecurity company KnowBe4, which quickly disabled access to their systems when it noticed strange behavior. KnowBe4 says the fake worker used AI to alter an existing stock image.
Authorities are warning employers to be vigilant about new hires if they are fully remote, emphasizing the need for thorough background checks and monitoring for unusual activities.
