According to cybersecurity firm Secureworks, which looked into the matter, the unidentified corporation was the target of a novel North Korean hacking technique.
The company, which has offices in the US, UK, or Australia, recruited a North Korean cybercriminal to work as an IT contractor for a set period of time.
To keep the business safe, Secureworks is keeping its location generic.
Rafe Pilling, head of threat intelligence at Secureworks, claims that the criminal “accessed and exfiltrated company data” within days of beginning employment.
The criminal then utilized the compromised data “to demand a hefty ransom in return” after the work contract was completed.
The North Korean government, which was previously attempting to smuggle its employees into UK businesses, now adopted this new strategy.
According to an advisory note released last month by the government’s Office of Financial Sanctions Implementation (OFSI), it is highly probable that [North Korean] IT workers are currently targeting UK companies under the pretense of independent third-country IT workers in order to make money for the DPRK dictatorship.
According to OFSI, UK businesses that employ these people may be violating the “significant” restrictions that are presently in place against North Korea.
