How it happened
The cyber criminal, believed to be a man, secured employment as a contractor in the summer by providing falsified information. Once hired, he gained access to the company’s sensitive data using remote working tools. He exploited his position to download and transfer confidential information outside the company.
The cybercriminal received a salary for four months before being fired for poor performance. After being dismissed, he sent ransom emails threatening to publish or sell the sensitive data if not paid. It remains unclear whether the company complied with the ransom demand.
Not an isolated case
This case is part of a larger trend. Since 2022, cybersecurity experts have warned of an increase in North Korean workers using fake information to get hired at remote positions in Western companies. These schemes allow them to bypass international sanctions. However, incidents involving these workers hacking their employers are still uncommon.
Escalation of risk
Rafe Pilling, Director of Threat Intelligence at Secureworks, noted the seriousness of the situation. “This is a serious escalation of the risk from fraudulent North Korean IT worker schemes,” he said in the BBC report. “No longer are they just after a steady pay check, they are looking for higher sums, more quickly, through data theft and extortion, from inside the company defences.”
Cybersecurity authorities continue to monitor this growing threat, urging companies to strengthen their hiring processes and cybersecurity measures.