A company became the victim of a North Korean cybercriminal after it employed a hacker for a remote position in its IT department. The firm wasn’t aware of the individual’s background and shared that the individual falsified his employment history and personal information.
According to a BBC report, the firm operates in the US, UK or Australia, however, has opted to remain anonymous. This incident highlighted how more and more North Koreans are infiltrating Western firms under false identities.
The North Korean individual was hired by the company during the summer where he was given access to the internal systems and remote tools required for his job. Cyber security firm Secureworks reported that the hacker discreetly downloaded sensitive information related to his employer using his credentials. Over a period of four months, the individual also downloaded large amounts of data covertly.
The data breach wasn’t detected for months and continued to pay the individual his salary who was likely sharing the funds back to North Korea via a laundering network meant to circumvent international sanctions.
After the company fired the person for not performing upto their standards, the hacker retaliated by sending ransom emails and threatened to reveal the stolen data if the firm didn’t pay him a major amount of money via cryptocurrency.
Also Read : Bank Holiday Today: Are Banks Closed For Business On October 19? Find Out
Notably, authorities have warned since 2022 about North Korea strategically using thousands of individuals to work remotely for foreign companies, with the earnings being sent back to the regime. This strategy is being deployed by the country to evade international sanctions and fund state operations.
Earlier in September, cyber security firm Mandiant said that even Fortune 100 companies have been tricked into employing North Korean operatives. That being said, such cyber attacks still remain rare.