New Delhi: A North Korean cybercriminal, pretending to be a remote IT worker, managed to breach the network of a Western company, according to a BBC report. The company, thought to be based in the UK, US or Australia, allowed cybersecurity firm Secureworks to reveal the incident. This highlights the risk of North Korean cybercriminals targeting international businesses.
What happened?
North Korean cybercriminals are now using fake information to land remote jobs at Western companies, according to Secureworks. Once hired, they exploit their employee access to steal sensitive company data. In some cases, they’ve even used the stolen data to extort their employers after leaving the job.
According to the BBC, the cybercriminal was hired as a contractor over the summer. Using his employee access, he logged into the company’s network, downloaded as much sensitive information as possible, and transferred the confidential data outside the company.
The individual worked for the company for four months before being fired for poor performance. After his dismissal, he sent ransom emails, threatening to leak or sell the company’s sensitive data unless he was paid a six-figure sum in cryptocurrency. It’s unclear if the company agreed to his demands.
This incident isn’t an isolated case. Since 2022, there have been multiple reports of North Korean cybercriminals getting hired by Western companies. These criminals benefit from high-paying remote jobs while avoiding sanctions. In September, Mandiant cyber responders revealed that dozens of Fortune 100 companies had unknowingly employed North Koreans. However, it’s still rare for these workers to turn against their employers.
Rafe Pilling, Director of Threat Intelligence at Secureworks, explained to the BBC that this case marks a serious escalation in the risks posed by North Korean IT worker schemes. He noted, “They are no longer just seeking a regular paycheck, but are now targeting larger sums through data theft and extortion from within company defenses.”