A company, whose name has not been disclosed, recently fell victim to a cyberattack after inadvertently hiring a North Korean hacker, who was supposed to work remotely in the field of information technology, according to a report by the BBC.
The company, which preferred not to disclose its identity and is based in the UK, USA, or Australia, hired the hacker after he falsified his work history and personal information. After being given access to the company’s computer network, he downloaded sensitive data and demanded a ransom.
The company allowed the incident response team from “SecureWorks” to report the breach to raise awareness and warn others. “SecureWorks” mentioned that the IT employee, believed to be a man, started working in the summer and used the company’s remote work tools to log into the network. Once he gained access, he stole as much data as possible.
Although the company terminated the employee due to poor performance after four months of work, they received emails demanding a ransom, including some of the stolen data, and a large sum in cryptocurrency. The hacker threatened to publish or sell the stolen information online if the ransom was not paid.
Reports indicate that the hacker sent the money to North Korea through a complex process to avoid Western sanctions imposed on his country. Since 2022, authorities and cybersecurity experts have warned of an increase in North Korean employees targeting Western companies.
In September of last year, cybersecurity company “Mandiant” reported that many companies listed in the “Fortune 100” inadvertently employ North Korean staff.
In a statement, Reef Billing, Threat Intelligence Manager at “SecureWorks,” said that such cyberattacks pose a serious escalation, with these employees seeking to make large financial gains through data theft and electronic extortion instead of receiving a fixed salary.
This is not the first incident of its kind, as another IT employee from North Korea was arrested in July last year after attempting to breach his employer. The company, “NoBe4”, received numerous resumes and conducted interviews to verify the backgrounds of applicants before hiring them, but his suspicious behaviors led to access to the systems being disabled.
