Organization Hacked by North Korean IT Worker, Remote Hiring Gone Wrong


A recent cyberattack has highlighted the growing threat of North Korean operatives infiltrating Western companies by posing as remote IT workers.

An unidentified firm based in the UK, US, or Australia fell victim to a hack after inadvertently hiring a North Korean cyber criminal as a remote IT technician.

The incident began when the company hired the technician, who had falsified his employment history and personal details. Once granted access to the company’s computer network, the hacker downloaded sensitive company data and issued a ransom demand.

According to Secureworks, the IT worker, believed to be male, was contracted during the summer. He utilized the company’s remote working tools to log into the corporate network and covertly downloaded extensive amounts of company data shortly after gaining access to internal systems.

The individual remained employed by the company for four months, collecting a salary that researchers suspect was funneled back to North Korea through a complex laundering process designed to evade international sanctions.

After the company terminated his employment due to poor performance, it received ransom emails containing some of the stolen data and a demand for a six-figure sum in cryptocurrency.

The hacker threatened to publish or sell the stolen information online if the ransom was not paid. The company has not disclosed whether it complied with the ransom demand, according to a BBC report.

This incident is part of a broader trend of Western companies discovering that some remote workers are actually North Korean operatives.

Since 2022, authorities and cybersecurity professionals have raised alarms about the increasing number of covert North Korean workers infiltrating Western enterprises.

The United States and South Korea have alleged that North Korea has sent thousands of individuals to obtain well-paying remote jobs at Western companies in order to earn money for the government and avoid sanctions.

In September, cybersecurity firm Mandiant reported that numerous Fortune 100 companies had unwittingly hired North Korean IT workers.

These individuals often gain elevated access to modify code and administer network systems, posing a significant threat to corporate security.

The incident underscores the importance of thorough background checks and verification processes when hiring new remote employees. Authorities are urging companies to exercise caution and implement robust vetting procedures to prevent similar incidents.

This case follows another incident in July, where a North Korean IT worker was caught attempting to breach their employer’s network. The cybersecurity firm KnowBe4 detected suspicious activity and promptly cut off the worker’s access, highlighting the need for vigilant monitoring and swift action in response to potential threats.

The threat of North Korean operatives infiltrating Western companies through remote IT positions is a growing concern. Companies must remain vigilant and take proactive measures to protect their networks and data from these sophisticated threats.
