A company was attacked after it unintentionally hired a North Korean cybercriminal as a remote IT worker.
The unnamed company employed the technician after he falsified his personal information and work background.
The hacker submitted a ransom demand after gaining access to the company’s computer network and downloading confidential company information.
The company, which is based in the US, Australia or the UK, refused to be identified.
It has allowed cyber responders from Secureworks to disclose the intrusion in order to raise awareness and alert others.
It is the most recent in a series of incidents in which remote workers for Western companies have been exposed as North Koreans.
According to Secureworks, the IT employee, who is believed to be male, was employed as a contractor during the summer.
He logged into the company network using the remote working tools provided by the company.
Once he acquired access to internal systems, he proceeded to covertly download as much company data as he could.
According to researchers, this was probably diverted to North Korea in a convoluted money laundering scheme to get around Western sanctions against the nation.
After the company fired him for subpar work, it received ransom emails containing some of the stolen material and a demand for payment in cryptocurrency.
The hacker threatened to sell or publish the stolen data online if the company didn’t pay.
The company did not disclose whether the ransom was paid.
Firms duped
Authorities and cyber defenders have been warning since 2022 about an increase in covert North Korean workers infiltrating Western businesses.
The US and South Korea accuse North Korea of assigning hundreds of employees to perform several lucrative Western jobs remotely in order to generate revenue for the government and evade sanctions.
The cyber security firm Mandiant reported in September that it had discovered that hundreds of Fortune 100 corporations had inadvertently employed North Koreans.
However, Rafe Pilling, Director of Threat Intelligence at Secureworks, says it is uncommon for covert IT workers to use cyberattacks against their employers.
“This is a serious escalation of the risk from fraudulent North Korean IT worker schemes,” he said.
“No longer are they just after a steady pay check; they are looking for higher sums, more quickly, through data theft and extortion from inside the company defences.”
The case follows the July discovery of another North Korean IT worker trying to hack their workplace.
The cyber firm KnowBe4 employed the IT specialist, and when it observed odd activity, it promptly blocked access to their servers.
“We posted the job, received resumes, conducted interviews, performed background checks, verified references, and hired the person,” the firm wrote in a blog post.
“We sent them their Mac workstation, and the moment it was received, it immediately started to load malware (malicious software).”
Authorities are urging firms to exercise caution when hiring new employees who work remotely.