A company recently faced a major setback after inadvertently hiring a North Korean IT worker who engaged in data theft and extortion.
According to the BBC, the company, which operates in the UK, US, and Australia, hired and later terminated an employee who had misrepresented his employment history and personal details. He was initially brought on as a summer contractor and remained with the company for four months. During his tenure, he exploited the firm’s remote working tools to access and download sensitive data from the corporate network.
After his dismissal due to poor performance, the company received emails threatening to release or sell the stolen data unless a six-figure ransom in cryptocurrency was paid.
The company has remained anonymous and has not disclosed whether the ransom was paid. However, it collaborated with cyber response specialists from Secureworks to publicize the incident, aiming to raise awareness and caution other organizations.
Secureworks has noted that this event is part of a broader pattern involving remote workers at Western companies who are later discovered to be North Koreans. These individuals often misuse their access to sensitive information, sometimes resorting to extorting their employers.
Cybersecurity agencies have been warning since 2022 about the increasing threat posed by North Korean operatives. The US and South Korea have accused North Korea of deploying thousands of workers in high-paying remote jobs in the West to generate revenue for the regime and circumvent sanctions.
“This marks a significant escalation in the risks associated with fraudulent schemes by North Korean IT workers,” said Rafe Pilling, Director of Threat Intelligence at Secureworks. He emphasized that these workers are no longer content with regular salaries but are pursuing larger sums through internal data theft and extortion.
Employers are advised to exercise increased vigilance, especially when hiring for fully remote positions.