A criminal from North Korea managed to get hired at a company as a remote IT worker. The technician, who faked his employment and personal details, hacked the company after being fired over poor performance.
According to a report by BBC, the company that did not want to be named and could be based in the UK, US, or Australia, allowed American cybersecurity firm Secureworks to disclose the details of the attack. The unnamed company did this to raise awareness and warn others of similar threats.
Read| Major IT Attacks Mostly Caused Because Of Human Error: How Can That Be Stopped
Secureworks, in its report, detailed how criminals in North Korea forge documents and personal details to secure employment at Western companies. Once hired, they download sensitive information, sometimes using it later to extort their former employers.
The BBC reported that the cybercriminal was hired as a contractor in the summer. He exploited his employee access to log into the corporate network, then downloaded as much sensitive data as he could, and transferred confidential data outside the company.
The individual worked for the company for four months before getting sacked for poor performance. After he was fired, he sent ransom emails to the company. In the emails, he threatened his employer, demanding a six-figure sum in cryptocurrency or else he would publish or sell sensitive data online.
Also Read| Opinion | Cyber Assault on Iran: Is This Israel’s Digital Blitzkrieg?
It is not clear whether or not the company entertained his ransom demand.
This incident, however, is not isolated. Since 2022, multiple cases have been reported where cybercriminals from North Korea have secured employment at Western companies. They not only get paid well for working remotely but also evade sanctions.
In September, cyber responders from Mandiant reported that dozens of Fortune 100 companies have inadvertently hired people from North Korea. However, cases where these employees turn against their employers remain rare.
Rafe Pilling, Director of Threat Intelligence at Secureworks, told the BBC, “This represents a significant escalation of the threat posed by North Korean IT worker schemes. They are no longer just seeking a regular paycheck, but are now targeting larger sums through data theft and extortion from within company defenses.”
Comments
0 comment