Firm hacked after accidentally hiring North Korean cyber criminal

Hacker silhouette working on a laptop with North Korean flag on the background

(Image credit: Getty Images)

A company was hacked after hiring a fake IT professional from North Korea, a new report from the BBC has claimed.

The company, which was not named, operates either in the US, UK, or Australia. It sought to add an IT professional to the team, and tapped into the global talent pool. There, it found a suitable candidate, who obviously went through the hiring process and got the job.

The person that was hired, however, faked their entire identity, including knowledge and previous experience. After being hired, the scammer accessed the company’s infrastructure and downloaded as much sensitive information as they could.

Simple scam, or something more?

The miscreant worked for four months with the company, before allegedly being fired for poor performance. After that happened, the crook threatened to release all of the stolen data on the internet, or sell it to the highest bidder. He demanded a six-figure ransom in exchange for keeping the data private.

According to the BBC, it is not known whether the company paid the ransom or not. It has not been clarified whether this was a deliberate cyberattack against the organization, a disgruntled former employee, or a “simple” scam.

This could either be a simple scam, or a disgruntled former employee taking revenge upon their former employers. However, it could be something more.

Lazarus Group, a North Korean state-sponsored threat actor, is known in the cybersecurity community for its “fake job” attacks. Usually, they would set up a fake job ad on social media and try to “hire” software developers working in high-profile organizations. During the interview process, they would trick the candidate into installing malware, gaining access to their company’s IT infrastructure.

The attack works both ways, too, since the crooks were seen targeting organizations directly, by trying to get hired. Lazarus apparently goes for people’s cryptocurrency and uses the money to fund the state’s weapons program.

More from TechRadar Pro

North Korean Lazarus hackers are using a fake coding test to steal passwords
Here's a list of the best firewalls today
These are the best endpoint protection tools right now

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.