An IT contractor fired for poor performance was exposed as a North Korean hacker, who later blackmailed the company with stolen data, demanding a six-figure ransom in cryptocurrency to keep the information private.
The firm, which was not named, hired the individual over the summer as a contractor after they faked their qualifications and employment history, as reported by the BBC.
Using the firm’s remote working tools to get into the corporate network, the technician proceeded to download company data — all while collecting a salary.
The company, said to be based in the UK, began receiving blackmail emails with some of the stolen data four months later after the individual was fired for poor performance, as reported by IT Daily. If the company refused pay them a six-figure ransom of cryptocurrency, the hacker threatened to publish or sell the data. It is unknown if the ransom was paid.
In order to help to warn others about the potential dangers, Secureworks cybersecurity specialists were allowed to share the incident. Secureworks said that foreign hackers will sometimes try to disguise their location by asking to use their personal computers or will have their laptop sent to a laptop farm with a U.S. IP address.
Security company Mandiant said in September that dozens of major companies have unknowingly hired North Koreans, however Secureworks noted that it is rare for the secret employee to create a cyber attack.
“This is a serious escalation of the risk from fraudulent North Korean IT worker schemes,” Rafe Pilling, director of threat intelligence at Secureworks, told the BBC. “No longer are they just after a steady paycheck, they are looking for higher sums, more quickly, through data theft and extortion, from inside the company defenses.”