The Shocking Case of a North Korean IT Worker Who Tried to Extort His Employer

A Remote Hiring Gone Wrong

A company inadvertently hired a North Korean IT worker for a remote position, leading to a data theft incident. After being dismissed, the worker attempted to extort the company by demanding a ransom for stolen data, as reported by Secureworks.

The Rise of North Korean Infiltration

According to the FBI, thousands of North Korean IT professionals are posing as non-North Koreans to infiltrate US companies, aiming to funnel money back to their home country. This incident marks a shift in tactics from merely seeking steady jobs to data theft and ransom demands.

The Extortion Attempt

The cybersecurity firm Secureworks uncovered the incident when the unnamed company began receiving extortion emails after firing the contractor for poor performance. The emails included attachments with evidence of stolen data and demanded a six-figure sum in cryptocurrency to prevent the data's release.

Increased Vigilance Needed

Rafe Pilling, director of threat intelligence at Secureworks, emphasized the need for companies to be vigilant against individuals seeking employment under false pretenses. He recommended conducting identity checks and being cautious of suspicious requests, such as rerouting corporate IT equipment.

Growing Threats from North Korean Workers

The incident highlights the growing threat of North Korean IT workers infiltrating the US economy. Charles Carmakal, CTO of Mandiant Consulting, noted that many Fortune 100 organizations have been targeted, with North Korea utilizing facilitators to manage remote jobs and operate laptop farms from home.

Importance of Thorough Vetting

Experts stress that thorough vetting and background checks are crucial in preventing unauthorized access to sensitive company data. Jake Moore from ESET highlighted that these processes, while time-consuming, are essential in mitigating insider threats posed by nation-state actors.