A company recently fell victim to a cyber attack after unknowingly hiring a North Korean cyber criminal disguised as an IT contractor. This incident highlights a new tactic employed by North Korean hackers to infiltrate companies and demand ransom in exchange for stolen data.
The cybersecurity company Secureworks, which investigated the incident, revealed that the criminal accessed and exfiltrated company data shortly after starting the fixed-term contract. Once the contract ended, the criminal demanded a ransom to prevent the publication of the stolen data. This approach represents an escalation in the risks posed by North Korean hackers, as they move beyond seeking a steady paycheck to engaging in data theft and extortion.
UK companies are particularly vulnerable to these types of attacks, as North Korean hackers attempt to generate revenue for the regime by posing as freelance IT workers. The Office of Financial Sanctions Implementation (OFSI) issued a warning to UK companies, stating that hiring workers associated with North Korea could breach existing sanctions.
To protect themselves from such attacks, companies should remain vigilant and watch out for signs that a contractor may not be who they claim to be. Inconsistent information, reluctance to appear on camera, and unusual requests for payment or equipment should all raise red flags. Monitoring for suspicious behavior, such as long pauses during video interviews or attempts to reroute IT equipment, can help companies identify potential threats.
In light of the increasing sophistication of cyber attacks, it is crucial for organizations to implement robust cybersecurity measures and educate employees about the risks of hiring unknown contractors. By staying informed and adopting a proactive approach to cybersecurity, companies can reduce the likelihood of falling victim to malicious actors like the North Korean hackers who targeted the unnamed firm.