Paycheck to payback: How IT worker hacked firm for big ransom after being fired for 'poor performance'
cyber criminal, posing as a remote IT worker, infiltrated a Western company and hacked its network, according to a report by the BBC. The unnamed company, believed to be based in the UK, US, or Australia, allowed cybersecurity firm Secureworks to release details of the incident to warn about increasing infiltration by North Korean cyber criminals.
How it happened
The cyber criminal, believed to be a man, secured employment as a contractor in the summer by providing falsified information. Once hired, he gained access to the company's sensitive data using remote working tools. He exploited his position to download and transfer confidential information outside the company.
The cybercriminal received a salary for four months before being fired for poor performance. After being dismissed, he sent ransom emails threatening to publish or sell the sensitive data if not paid. It remains unclear whether the company complied with the ransom demand.
Not an isolated case
This case is part of a larger trend. Since 2022, cybersecurity experts have warned of an increase in North Korean workers using fake information to get hired at remote positions in Western companies. These schemes allow them to bypass international sanctions. However, incidents involving these workers hacking their employers are still uncommon.
Escalation of risk
Rafe Pilling, Director of Threat Intelligence at Secureworks, noted the seriousness of the situation. «This is a serious escalation of the risk from fraudulent North Korean IT worker schemes,» he said
Read more on economictimes.indiatimes.com
