Connect with us

Hi, what are you looking for?

Science&Tech News

Company hacked after accidentally hiring North Korean cyber criminal

A company was hacked after it hired a North Korean cyber criminal posing as an IT contractor.

The unnamed company fell victim to a new North Korean hacking tactic, according to cybersecurity company Secureworks, which investigated the incident.

A North Korean cyber criminal posing as an IT contractor was hired for a fixed-term contract by the firm, which is based either in the UK, US or Australia.

Secureworks is keeping the company’s location general in order to protect the company.

Within days of starting work, the criminal “accessed and exfiltrated company data”, according to Rafe Pilling, who is the director of threat intelligence at Secureworks.

Then, when the employment contract was finished, the criminal used the hacked data “to demand a hefty ransom in return for not publishing” it, said Mr Pilling.

This is a new tactic for the North Korean regime, which was already trying to sneak its workers into UK companies.

“It is almost certain that UK firms are currently being targeted by [North Korean] IT workers disguised as freelance third-country IT workers to generate revenue for the DPRK regime,” said an advisory note published by the government’s Office of Financial Sanctions Implementation (OFSI) last month.

UK companies that hire these workers could be breaching the “significant” sanctions currently placed on North Korea, according to OFSI.

Although it is thought those workers’ salaries were being used to fund the North Korean regime, this latest incident, and others like it, mark “a serious escalation” of risk for companies, said Mr Pilling.

“No longer are [the fake workers] just after a steady paycheck, they are looking for higher sums, more quickly, through data theft and extortion, from inside the company defences,” he said.

UK companies should protect themselves from these kinds of attacks by being on “high alert”, he said.

OFSI published a list of tell-tale signs that a new contractor is not who they say they are and is, in fact, an agent for the North Korean government.

Some of those include being inconsistent with the spelling of their name, their nationality, location, experience and online presence or refusing to appear on camera.

Mr Pilling said companies should monitor for long pauses if they do appear on camera for job interviews and OFSI warns that people who request prepayment but then fail to complete tasks, or just generally fail to do the job, could also be suspicious.

Attempts to re-route corporate IT equipment sent to the contractor’s home, routing paychecks to money transfer services and accessing the corporate network with unauthorised remote access tools should also be red flags.

This post appeared first on sky.com
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Crypto News

The Bank of Russia has issued a directive for financial institutions to prepare for the integration of the digital ruble. The move aims to...

Science&Tech News

Consumer rights group Which? is suing Apple for £3bn over the way it deploys the iCloud. If the lawsuit succeeds, around 40 million Apple...

Science&Tech News

Battle lines have been drawn between the almost 200 countries meeting in Azerbaijan as they seek to agree a new pot of money to...

Crypto News

FIDA and MEW, cryptocurrencies based on the Solana blockchain, saw noteworthy positive sentiment on Thursday as they secured vital listings. Solana Name Service (FIDA)...