A company was hacked after accidentally hiring a North Korean cybercriminal as a remote IT employee.
The unidentified company hired the technician after he falsified his employment history and personal information.
Once they gain access to a company’s computer network, the hackers download the company’s sensitive data and issue a ransom demand.
The company, which is based in the UK, US or Australia, spoke on condition of anonymity.
It allowed Secureworks’ cyber responders to report the hack to spread awareness and warn others.
It is the latest in a series of cases in which Western remote workers have been revealed to be North Koreans.
Secureworks said the IT employee, believed to be a man, was hired as a contractor this summer.
He logged into the company network using the company’s remote work tools.
Once he gained access to internal systems, he secretly downloaded as much company data as he could.
He worked for the company for four months and received a salary.
Researchers say this money may have been transferred to North Korea through a complex money laundering process to evade Western sanctions on the country.
After the company fired him due to poor performance, it received a ransom email containing some stolen data and demanding a six-figure sum in cryptocurrency.
The hackers said that if the company did not pay, they would publish or sell the stolen information online.
The company did not disclose whether a ransom was paid.
Since 2022, authorities and cyber defenders have been warning of North Korean clandestine workers infiltrating Western companies.
The United States and South Korea accuse North Korea of assigning thousands of employees to work remotely in multiple high-paying Western positions to make money for the regime and avoid sanctions.
In September, cybersecurity firm Mandiant said dozens of Fortune 100 companies were found to have inadvertently employed North Koreans.
But Rafe Pilling, director of threat intelligence at Secureworks, said it’s rare for covert IT employees to launch cyber attacks against their employers.
“The risk of North Korean IT worker fraud schemes has seriously escalated,” he said.
“They are no longer just looking for a steady paycheck, but are looking for higher sums faster through data theft and extortion within the company.”
The case comes after another North Korean IT employee was arrested in July for trying to hack his employer.
The IT employee was employed by networking company KnowBe4, which quickly blocked access to its systems when it noticed strange behavior.
“We posted the job, received the resume, conducted the interview, conducted a background check, verified references, and hired the individual,” the company wrote in a blog post.
“We sent them a Mac workstation and upon receipt, it immediately started loading malware.”
Authorities are warning employers to be vigilant if new employees are working fully remotely.