A North Korean cyber criminal managed to infiltrate an unidentified company by getting hired as a remote IT worker. In the case, reported by the BBC, the company unknowingly employed a North Korean hacker, who then exploited his access to the firm's sensitive information.
The company, which remains unnamed, is based in the UK, US, or Australia and did not wish to disclose further details publicly. However, cybersecurity firm Secureworks provided an account of the breach to highlight the growing trend of North Korean cyber criminals infiltrating Western companies.
North Korean Cyber Criminals Posing as IT Workers
The breach began when the North Korean cyber criminal was hired in the summer as a remote IT contractor. North Korean cyber criminals have increasingly been using falsified resumes and employment data to get hired by Western companies, as noted by Secureworks.
These criminals, once onboarded, gain valuable access to corporate networks, allowing them to steal sensitive information. In this particular case, the hacker began downloading confidential data from the company shortly after gaining access.
By taking advantage of his role, the criminal transferred large amounts of sensitive information to an external location while continuing to collect his salary from the company. For several months, the firm had no idea that its systems were being breached by an insider.
The hacker reportedly managed to stay employed for four months despite his poor job performance. It was only after this period that the company decided to terminate the contract, believing the contractor’s dismissal would resolve their issues. However, this was just the beginning of their troubles.
Ransom Demands After Termination
Following the dismissal of the contractor, the company began receiving ransom emails from the former employee. The hacker threatened to release or sell the sensitive information he had stolen unless he was paid a substantial sum. This tactic of using stolen data to extort companies is not new but represents a serious escalation in North Korean cyber operations.

It remains unclear whether the company agreed to pay the ransom or if it took steps to secure its stolen data. What is known is that the company sought assistance from Secureworks, which helped publicize the incident as a warning to other businesses about the growing threat of North Korean cyber criminals.
A Growing Trend in North Korean Infiltration
This case is part of a broader trend: cybersecurity experts have warned about the increasing infiltration of Western companies by North Korean cyber criminals.
According to Secureworks, these criminals use fake resumes and credentials to land well-paying remote positions, thereby bypassing the sanctions placed on North Korea.
Although cases of North Korean employees directly hacking their employers are relatively rare, the incident described here demonstrates the potential severity of such breaches.
Since 2022, Western countries have raised alarms about this rising trend, and cybersecurity firms have been monitoring North Korean hacking groups more closely.

These groups are known to be highly organized and well-funded by the North Korean government, which uses cyber crime as a means of generating revenue amidst heavy economic sanctions. Secureworks Director of Threat Intelligence, Rafe Pilling, emphasized that this case marks a serious escalation in the activities of North Korean hackers.
While many North Korean cyber operatives previously sought steady paychecks by posing as legitimate employees, some are now using their access to carry out data theft and extortion schemes, potentially seeking larger financial gains.
This case highlights the risks posed by fraudulent IT worker schemes originating from North Korea and serves as a stark reminder of the need for thorough vetting and background checks for remote employees.
Although no details have been shared about how the hacker initially bypassed the company’s screening process, the incident underscores the increasing sophistication of North Korean cyber criminals and the growing challenges for companies in detecting such threats.