A company has suffered a major cyberattack after the firm hired a North Korean hacker as a remote IT contractor by mistake. The case that has highlighted the increasing menace of North Korean hackers exposes the weaknesses that exist in corporate recruitment processes.
The unnamed firm, which is said to be located in the UK, US, or Australia, hired the hacker during the summer after the man supplied fake work experience and identity documents. After gaining access to the company’s network, he quickly started transferring large amounts of data from the company’s servers. For more than four months, he continued to draw his check while at the same time feeding the competitor with sensitive information. This data theft evolved into ransom demands made to the company after he was fired for poor performance.
Security researchers at Secureworks, who have been tracking this trend, noted that the hacker’s earnings were most probably reimbursed to North Korea through a web of money laundering mechanisms to circumvent sanctions. After his dismissal, the company began to receive emails containing ransom demands to publish or sell the data if they were not paid in cryptocurrency.
This is not the first time that North Korean operatives have hacked their way into Western organizations and posed as remote workers. Starting in 2022, officials have alerted the public to this increasing form of invasion, and statistics suggest that many Fortune 100 firms have hired such people without their knowledge. Rafe Pilling, Director of Threat Intelligence at Secureworks, noted that these are new tactics: these operatives are no longer looking for a steady job but also steal data and blackmail.
Consultants recommend that organizations improve their recruitment procedures and investigate the backgrounds of their remote staff to reduce risks. It is a vivid example of how the threat remains high for businesses and their employees, as cybercriminals also take advantage of the new working-from-home situation.
