A Western company was recently targeted by a cyberattack after hiring a remote worker who turned out to be a North Korean hacker posing as an IT specialist. The organization, based in the UK, the USA, or Australia, chose to remain anonymous but allowed specialists from SecureWorks to share information about the incident to raise awareness and help prevent similar situations in other companies. This case is just one in a series of revelations about North Korean specialists working remotely in Western firms.
According to SecureWorks, the attacker provided fake documents about their work history and personal data. Once inside the corporate network, the fake IT specialist spent four months secretly downloading confidential information while still receiving a salary. Researchers believe that the funds received were funneled back to North Korea through a complex money laundering system to evade Western sanctions.
After the worker was dismissed for poor performance, the company received ransom demands from the attacker, who threatened to publish or sell the stolen data if a six-digit amount in cryptocurrency was not paid. The company has not disclosed whether the ransom was paid.
Authorities and cybersecurity experts have been warning about the increasing number of North Korean workers infiltrating Western companies since 2022. The United States and South Korea have accused North Korea of sending thousands of workers to high-paying remote positions to circumvent sanctions.
In September alone, Mandiant discovered that several companies from the Fortune 100 list had unknowingly hired North Korean individuals using false identities. However, instances of these employees using their positions for cyberattacks remain rare.
Rafe Pilling, Director of Cyberism at SecureWorks, emphasized that this case represents a serious escalation of risk. While in the past North Korean IT specialists aimed for a stable salary, they now appear to be targeting large sums through data theft and extortion.
A similar incident took place in July, when KnowBe4 uncovered an attempt to hack its systems by a new employee from North Korea. Despite interviews, data verification, and recommendations, the attacker tried to install malware immediately upon receiving a work computer.