While we all know about the dangers of hackers online and keeping our wits about us in terms of cybersecurity, chances are that you don't expect to be working with a cybercriminal. Unfortunately, one firm apparently made the fatal mistake of hiring a North Korean criminal, who hacked its personal information and then promptly decided to blackmail the company.
It's all very covert, but an unnamed company in either the USA, UK, or Australia was infiltrated by the North Korean cyber criminal who was posing as a simple IT contractor and collected a salary over the course of four months.
That's according to Secureworks Director of Threat Intelligence Rafe Pilling, who explained how the unnamed assailant 'accessed and exfiltrated company data' within a matter of days. After downloading this sensitive company data and being fired for poor performance, the hacker then sent the company a ransom demand.
Advert
Ransom emails reportedly demanded a six-figure sum in cryptocurrency, although it's not revealed whether the firm actually paid him.
It's suggested that the information was likely redirected to North Korea through a laundering process that avoids western sanctions. "No longer are they [fake workers] just after a steady pay check," said Pilling.
"They are looking for higher sums, more quickly, through data theft and extortion, from inside the company defences." He went on to warn UK companies that they should be on 'high alert' for these situations.
Advert
The Office of Financial Sanctions Implementation (OFSI) published a report highlighting this crimewave, telling companies to look out for telltale signs like an inconsistent spelling of someone's name, location, nationality, experience, and refusing to appear on camera.
The security awareness training firm KnowBe4 also reported someone from North Korean who posed as a software engineer and managed to slip past background checks. They supposedly spent their first 25 minutes on the job trying to install malware onto a company workstation.
There's been an alarming rise in cyber criminals working for North Korea since 2022. Cyber security company Mandiant says that dozens of Fortune 100 companies have accidentally hired North Korean workers, with territories including the USA and South Korea accusing North Korea of taking well-paid western roles but managing to avoid sanctions.
Advert
Documentation from Google’s Mandiant unit reveals how over 60 identities had impacted 300 companies and generated more than $6.8 million in wrongful revenue between 2020 and 2023.
If you're suspicious of someone's intentions, look out for those who ask for prepayment but fail to complete tasks, as well as someone who wants to reroute equipment to a different address, use money transfer services for paychecks, and access corporate networks with unauthorised remote access tools.