A company was hacked after hiring a fake North Korean IT professional. It has not been clarified whether this was a deliberate cyberattack against the organization, the work of a disgruntled former employee, or a “simple” scam.
The company, which was not identified, operates in the US, UK or Australia. It was looking to add an IT professional to the team and tapped into the global talent pool. There it found a suitable candidate, who went through the hiring process and got the job.
The person hired, however, faked his entire identity, including previous knowledge and experience. After being hired, the scammer accessed the company's infrastructure and downloaded as much confidential information as he could.
Simple scam or something more?
The criminal worked for four months at the company, before allegedly being fired for poor performance. After that happened, the criminal threatened to publish all the stolen data on the Internet or sell it to the highest bidder. He demanded a six-figure ransom in exchange for keeping the data private.
According to the Agency, it is unknown whether the company paid the ransom or not.
This could be a simple scam or a disgruntled former employee taking revenge on their former employers. However, it could be something more.
Lazarus Group, a North Korean state-sponsored threat actor, is known in the cybersecurity community for its “fake jobs” attacks. The group typically posted a fake job ad on social media and attempted to “hire” software developers working at high-profile organizations. During the interview process, the candidate was tricked into installing malware, which gave the attackers access to their company's IT infrastructure.
The attack also works both ways, as criminals have been seen targeting organizations directly by trying to get hired. Lazarus is apparently banking on people's cryptocurrencies and using the money to fund the state's weapons program.
Through Agency