A company fell victim to a hack after unintentionally hiring a North Korean cyber-criminal as a remote IT worker. The company, which remains unidentified, hired the technician who had falsified his employment history and personal details.
Once granted access to the company’s computer network, the hacker exfiltrated sensitive company data and demanded a ransom. The company, based in the UK, US, or Australia, chose not to disclose its identity.
In response, cyber responders from Secureworks were brought in to report the hack and raise awareness to prevent similar incidents. According to Secureworks, the individual, believed to be male, was contracted as an IT worker during the summer.
Utilising the company’s remote working tools, he accessed the corporate network and covertly downloaded substantial amounts of company data. The individual remained employed by the company for four months and received a salary.
Researchers suspect that the salary was likely funnelled to North Korea through a complex laundering process to evade Western sanctions.
After he was fired for poor performance, the company received ransom emails containing some of the stolen data and a demand for a six-figure sum in cryptocurrency.
The hacker threatened to publish or sell the stolen information online if the company did not comply with the demand. The company did not reveal whether the ransom was paid.
The US and South Korea have accused North Korea of assigning thousands of individuals to take on multiple well-paid Western roles remotely to generate income for the regime and circumvent sanctions.
In September, cybersecurity company Mandiant reported that dozens of Fortune 100 companies had inadvertently employed North Koreans.
The incident is the latest in a series of cases where remote workers in the Western world have been revealed to be North Koreans.