A company has fallen victim to a cyberattack after inadvertently hiring a North Korean hacker as a remote IT worker. The unidentified firm, which operates in the UK, US, or Australia, became a target when the individual faked his employment history and personal details to secure a position.
After gaining access to the company’s computer network, the hacker downloaded sensitive data and subsequently issued a ransom demand. The firm, preferring to remain anonymous, has allowed cyber responders from Secureworks to disclose the incident in an effort to raise awareness and warn other organizations.
This incident highlights a growing trend of remote workers in Western countries being revealed as North Koreans. Secureworks reported that the hacker, believed to be male, was hired as a contractor in the summer. Utilizing the company’s remote working tools, he logged into the corporate network and began downloading as much data as possible shortly after gaining access.
The hacker was employed by the firm for four months, during which he received a salary that was likely funneled back to North Korea through a complex laundering scheme designed to circumvent international sanctions. Following his dismissal for poor performance, the company received ransom emails featuring some of the stolen data along with a demand for a six-figure payment in cryptocurrency. The hacker threatened to publish or sell the information online if the ransom was not paid.
The firm has not disclosed whether it decided to pay the ransom. Since 2022, both authorities and cybersecurity experts have sounded the alarm about the increasing incidence of North Korean operatives infiltrating Western companies. The US and South Korean governments have accused North Korea of deploying thousands of remote workers to secure lucrative positions, which ultimately help fund the regime while evading sanctions.
In September, cybersecurity firm Mandiant reported that dozens of Fortune 100 companies had unintentionally employed North Korean workers. However, incidents of these secret IT workers launching cyberattacks against their employers remain relatively rare, according to Rafe Pilling, Director of Threat Intelligence at Secureworks.
“This represents a serious escalation in the risks associated with fraudulent North Korean IT worker schemes,” Pilling stated. “These individuals are no longer just looking for a steady paycheck; they are now pursuing higher payouts more quickly through data theft and extortion from within the company.”
This incident follows another case in which a North Korean IT worker attempted to hack their employer in July. The individual was hired by the cybersecurity firm KnowBe4, which quickly detected unusual behavior and disabled access to its systems. In a blog post, KnowBe4 detailed its hiring process: “We posted the job, received resumes, conducted interviews, performed background checks, verified references, and hired the person.” However, as soon as the employee received their Mac workstation, it began to load malware.
Authorities are advising employers to exercise heightened vigilance when hiring new remote workers. The potential risks associated with this growing trend underscore the importance of thorough background checks and ongoing monitoring of employee behavior, especially in the remote work environment.
This case serves as a stark reminder of the complexities and challenges organizations face in safeguarding their data in a world where remote work is increasingly common. Companies must remain vigilant and adopt stringent cybersecurity measures to protect against both external threats and internal vulnerabilities.
As remote work continues to evolve, organizations must also foster a culture of cybersecurity awareness among employees. Regular training and updates about the potential risks can help mitigate the chances of falling victim to similar attacks in the future. Moreover, implementing robust IT security protocols can make it more difficult for malicious actors to exploit weaknesses within corporate systems.
In conclusion, this incident underscores the urgent need for companies to reassess their hiring practices and cybersecurity strategies in the face of evolving threats. As the landscape of remote work changes, so too must the measures organizations take to protect themselves from potential internal and external cyber threats.