-
A company hired a North Korean IT worker who posed as a non-North Korean, falsifying employment history and personal details ¹.
-
The worker stole sensitive data and demanded a six-figure ransom in cryptocurrency after being fired ¹.
-
This incident highlights the increasing risk of insider threats from North Korean IT workers targeting companies worldwide ¹[2).
A recent incident has exposed a significant shift in tactics by North Korean IT workers. A company, based in either the US, UK, or Australia, hired a North Korean worker as a contractor, unaware of their true identity. During their four-month tenure, the worker used remote tools to infiltrate the company’s systems and download sensitive data.
After being dismissed, the company received emails with evidence of stolen data and a ransom demand.
This scam is part of a larger scheme to bypass sanctions and generate revenue for North Korea. The FBI has warned that thousands of North Korean IT workers are infiltrating US companies, working under false identities. Cybersecurity experts emphasize the importance of thorough vetting and background checks to prevent such breaches.
To protect against these scams, companies should:
-
Verify Identities: Conduct thorough identity checks and in-person or video interviews ¹.
-
Monitor Activity: Be cautious of unusual requests, such as rerouting corporate IT equipment ¹.
-
Limit Access: Restrict access to non-essential systems and watch for suspicious financial behavior ¹.
