An unidentified company has fallen victim to a North Korean cybercriminal after unknowingly hiring the hacker as a remote IT worker. The shocking incident, revealed by cyber security firm Secureworks, has put the spotlight on the increasing trend of North Koreans infiltrating Western companies under false identities.
The firm, which operates in the UK, US, or Australia but has chosen to remain anonymous, reportedly hired the hacker after he falsified his employment history and personal information, BBC reported.
The company hired the North Korean hacker during the summer, providing him with the remote tools needed to access their internal systems. Secureworks disclosed that the hacker used these credentials to quietly download as much sensitive data as possible, BBC reported.
The individual, posing as a legitimate worker, gained access to the company's sensitive computer systems and, over a period of four months, covertly downloaded large amounts of data.
The breach went undetected for months, during which time the individual continued to collect a salary, likely sending the funds back to North Korea through a complex laundering network designed to circumvent international sanctions.
Upon being fired for inadequate performance, the hacker retaliated by sending the company ransom emails, threatening to release the stolen data unless a substantial cryptocurrency payment was made. It remains unclear whether the company paid the ransom or not.
The breach has raised serious concerns in the business world, with experts warning that North Korean cyber operations are escalating.
Since 2022, authorities have warned about North Korea’s strategy of deploying thousands of citizens to work remotely for foreign firms, with their earnings funnelled back to the regime. The ultimate goal? To evade international sanctions and fund state operations.
Cyber security company Mandiant revealed in September that even Fortune 100 companies have been duped into hiring North Korean operatives. However, cyberattacks like the one in this case are still rare. North Korea typically relies on these workers for steady income rather than engaging in outright theft or sabotage, but this latest breach signals a shift in tactics.
For businesses, the message is clear: don’t let your next remote worker be a Trojan horse.