A North Korean cyber criminal was hired as a remote IT worker by an unidentified company and subsequently hacked into its systems, according to a report by the BBC. The company, located in the UK, US, or Australia, chose to remain anonymous but allowed cybersecurity firm Secureworks to disclose details of the incident to illustrate the increasing infiltration of North Korean cyber criminals.
Secureworks highlighted that these criminals are now using falsified information to secure remote positions at Western companies. Once employed, they exploit their access to download sensitive data, which they may later use for extortion.
In one specific case reported by the BBC, a male cyber criminal was hired as a contractor during the summer. Using his remote access tools, he infiltrated the corporate network and began downloading confidential information almost immediately. Throughout this time, he continued to receive a salary from the company.
Remarkably, he managed to collect four months’ salary before being dismissed for poor performance. Following his termination, the company began receiving ransom emails from the former employee, who threatened to sell or publish the sensitive data unless paid. It remains unclear whether the company complied with the ransom demands.
This incident is not an isolated occurrence; cybersecurity officials have been warning about the rise of North Korean infiltrators since 2022. Western nations have accused North Korean workers of using fake information to secure high-paying remote jobs online, thus circumventing sanctions. However, cases of North Korean employees hacking their employers are still relatively rare.
“This represents a significant escalation in the risks posed by fraudulent North Korean IT worker schemes,” said Rafe Pilling, Director of Threat Intelligence at Secureworks. “They are no longer just seeking a steady paycheck; they are now aiming for larger sums more quickly through data theft and extortion from within company defenses.”