A company was hacked after hiring a fake IT professional from North Korea. It has not been clarified whether this was a deliberate cyberattack against the organization, a disgruntled former employee, or a “simple” scam.
The company, which was not named, operates either in the US, UK, or Australia. It sought to add an IT professional to the team, and tapped into the global talent pool. There, it found a suitable candidate, who obviously went through the hiring process and got the job.
The person that was hired, however, faked their entire identity, including knowledge and previous experience. After being hired, the scammer accessed the company’s infrastructure and downloaded as much sensitive information as they could.
Simple scam, or something more?
The miscreant worked for four months with the company, before allegedly being fired for poor performance. After that happened, the crook threatened to release all of the stolen data on the internet, or sell it to the highest bidder. He demanded a six-figure ransom in exchange for keeping the data private.
According to the BBC, it is not known whether the company paid the ransom or not.
This could either be a simple scam, or a disgruntled former employee taking revenge upon their former employers. However, it could be something more.
Lazarus Group, a North Korean state-sponsored threat actor, is known in the cybersecurity community for its “fake job” attacks. Usually, they would set up a fake job ad on social media and try to “hire” software developers working in high-profile organizations. During the interview process, they would trick the candidate into installing malware, gaining access to their company’s IT infrastructure.
The attack works both ways, too, since the crooks were seen targeting organizations directly, by trying to get hired. Lazarus apparently goes for people’s cryptocurrency and uses the money to fund the state’s weapons program.
Via BBC