A North Korean cyber criminal successfully gained employment as a remote IT worker at an undisclosed company, later hacking into the organization’s systems and stealing sensitive data. While the company, located in either the UK, US, or Australia, has chosen to remain anonymous, it allowed cybersecurity firm Secureworks to release details about the incident to raise awareness of the growing threat posed by North Korean cyber infiltrators.
According to Secureworks, North Korean criminals have been increasingly using fake credentials to secure remote jobs at Western companies. These criminals then leverage their access as employees to steal valuable company information. In some instances, the stolen data is used to extort the company for money after the employee has been terminated.
In this particular case, the cyber criminal, believed to be a man, was hired as a contractor in the summer. With the access provided to him for remote work, he managed to infiltrate the company’s network and began stealing confidential information.
The North Korean criminal started downloading sensitive data from the company’s servers almost immediately after gaining access. Shockingly, he was able to continue collecting a salary for four months, despite not performing well in his job. The company eventually fired him due to poor performance, but the problems didn’t end there.
After being dismissed, the cyber criminal sent ransom emails to the company, threatening to either sell or publicly release the stolen information unless he was paid. It remains unclear whether the company agreed to pay the ransom.
This incident is not an isolated case. Cybersecurity experts have been warning about the increasing number of North Korean individuals securing remote, well-paying jobs in Western countries by using falsified data, evading international sanctions. However, cases involving these workers hacking their employers are still considered rare.
Rafe Pilling, Director of Threat Intelligence at Secureworks, noted the seriousness of the situation. “This is a serious escalation of the risk from fraudulent North Korean IT worker schemes. No longer are they just after a steady paycheck, they are looking for higher sums, more quickly, through data theft and extortion, from inside the company defenses.”
This case highlights the growing need for companies to be vigilant in their hiring processes, particularly for remote roles. With the rise of cyber attacks orchestrated by North Korean criminals, businesses are being urged to adopt stricter cybersecurity measures and regularly monitor employee activities to prevent potential data breaches.
