Firm hacked after unknowingly hiring North Korean cyber criminal as remote IT worker: Report

The company, based in either the UK, US, or Australia, has chosen to remain anonymous, but allowed cyber security firm Secureworks to share details of the attack to raise awareness about the growing threat of North Korean cyber criminals infiltrating Western businesses.

According to Secureworks, North Korean hackers have started using fake credentials to land remote jobs with Western companies.

Once hired, these cybercriminals exploit their access to company networks to steal sensitive data, and in some cases, extort their employers.

In one such case, reported by the BBC, a North Korean cyber criminal, believed to be male, was hired as a contractor during the summer.

With access to the company’s systems through his remote tools, he immediately began downloading confidential information.

While secretly transferring sensitive data outside the company, the criminal was able to collect four months of salary before being dismissed for poor performance.

Following his termination, the company received ransom threats, with the former contractor demanding payment in exchange for not leaking or selling the stolen data.

It is unclear whether the company paid the ransom, as per the report.

This incident is part of a wider pattern, as cybersecurity agencies have been warning since 2022 about North Korean operatives using fraudulent data to secure well-paid remote jobs in Western countries, circumventing international sanctions.

However, instances of these workers turning on their employers and engaging in hacking activities have been relatively rare until now.

Rafe Pilling, Director of Threat Intelligence at Secureworks, told the BBC, "This marks a serious escalation in the threat posed by North Korean IT worker schemes."

"They are no longer just after steady paychecks, but are now seeking larger payouts through data theft and extortion from within company defenses," Pilling added.