A company has been hacked after accidentally hiring a North Korean cyber criminal as a remote IT worker.
The unidentified firm hired the technician after he faked his employment history and personal details.
Once given access to the company’s computer network, the hacker downloaded sensitive company data and sent a ransom demand.
The firm which is based in the UK, US or Australia did not want to be named.
It has allowed cyber responders from SecureWorks to report the hack to spread awareness and warn others.
It is the latest in a string of cases of western remote workers being unmasked as North Koreans.
Secureworks said the IT worker, thought to be a man, was hired in the summer as a contractor.
He used the firm’s remote working tools to log into the corporate network.
He then secretly downloaded as much company data as possible as soon as he had gained access to internal systems.
He worked for the firm for four months collecting a salary.
Researchers say this was likely redirected to North Korea in a complex laundering process to evade Western sanctions on the country.
After the company sacked him for poor performance, it received ransom emails containing some of the stolen data and a demand to be paid a six-figure sum in cryptocurrency.
If the company did not pay, the hacker said they would publish or sell the stolen information online.
The firm did not disclose whether the ransom was paid.
Firms duped
Since 2022, authorities and cyber defenders have warned about the rise of secret North Korean workers infiltrating Western companies.
The US and South Korea accused North Korea of tasking thousands of staff to take on multiple well-paid Western roles remotely to earn money for the regime and avoid sanctions.
In September cyber security company Mandiant said dozens of Fortune 100 companies have been found to have accidentally hired North Koreans.
But secret IT workers turning on their employers with cyber attacks is rare, according to Rafe Pilling, Director of Threat Intelligence at Secureworks.
"This is a serious escalation of the risk from fraudulent North Korean IT worker schemes," he said.
"No longer are they just after a steady pay check, they are looking for higher sums, more quickly, through data theft and extortion, from inside the company defences?"
The case comes after another North Korean IT worker was caught attempting to hack their employer in July.
The IT worker was hired by the cyber company KnowBe4, which quickly disabled access to their systems when it noticed strange behaviour.
"We posted the job, received resumes, conducted interviews, performed background checks, verified references, and hired the person," the firm wrote in a blog post.
"We sent them their Mac workstation and the moment it was received, it immediately started to load malware (malicious software)."
Authorities are warning employers to be vigilant about new hires if they are fully remote.
Latest Stories
-
Black Galaxies: Didi Dramani rallies support ahead of CHAN qualifier against Nigeria
15 minutes -
Agenda 111 will not solve Ghana’s healthcare crisis – Kwame Sarpong Asiedu
22 minutes -
“I never left the stage” – Fameye on London show mishap
23 minutes -
I have a plan to win the league for Hearts Of Oak- Aboubakar Outtara
49 minutes -
CIB Ghana celebrates induction of 110 Chartered Bankers, totaling 1,127 over five years
50 minutes -
LPG consumption increases by 4% in 2023
59 minutes -
Enjoying the Festive Season with Moderation in Mind
60 minutes -
I work with a communication firm in America – Charlie Dior
1 hour -
Presidential Elections: Between Ghana, Nigeria: 7 reasons BVAS may never work in Nigeria — Investigation
1 hour -
Friedkin Group completes Everton takeover
1 hour -
CAF Executive Committee approves 2025 Competition Calendar
2 hours -
FIFA Rankings: Ghana ends 2024 77th in the world, maintains 14th position in Africa
2 hours -
Kwame Agbodza slams $147m e-gate system as ‘create, loot, and share’ scheme
2 hours -
Drones deployed in Bawku to track down attackers
3 hours -
Today’s front pages: Thursday, December 19, 2024
3 hours