In a shocking turn of events, an unnamed company based in the UK has fallen victim to a sophisticated cyber attack after inadvertently hiring a North Korean hacker as a remote IT worker.
The cybercriminal, believed to be male, successfully infiltrated the company by presenting false employment history and personal details during the hiring process. Once granted access to the company's network, the hacker wasted no time in exploiting his position, downloading sensitive data and subsequently issuing a ransom demand.
After four months of employment, during which the hacker collected a salary likely funneled back to North Korea, the company terminated his contract due to poor performance. It was then that the true nature of the infiltration came to light, as the company received ransom emails threatening to publish or sell the stolen information unless a six-figure sum in cryptocurrency was paid.
This incident is not isolated. Since 2022, authorities have been warning about the rise of North Korean workers secretly infiltrating Western companies. The US and South Korea allege that North Korea has tasked thousands of individuals to take on multiple well-paid Western roles remotely, both to earn money for the regime and to circumvent sanctions. We recently covered our own incident on the blog where a fake Norean Korea IT worker tried to infiltrate our own organization.
In light of these events, companies are urged to exercise extreme caution when hiring remote workers. Thorough background checks, reference verifications, and enhanced cybersecurity measures are crucial in preventing such infiltrations.
As remote work continues to be a significant part of the global workforce, companies must remain vigilant and adapt their security practices to address these evolving threats. This incident serves as a wake-up call for organizations worldwide to reassess their hiring processes and cybersecurity protocols in the face of increasingly sophisticated cyber threats.
New-school security awareness training can give your organization an essential layer of defense against phishing attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
BBC News has the full story.