A company was hacked after hiring a fake IT professional from North Korea. It is not clear whether this was a deliberate cyber attack against the organization, the work of a disgruntled ex-employee or a “simple” scam.
The company, which was not named, operates in the US, UK or Australia. It sought to add an IT professional to the team and tap into the global talent pool. A suitable candidate was found in that pool, went through the recruitment process and got the job.
However, the person who was hired falsified his entire identity, including knowledge and previous experience. Once hired, the scammer gained access to the company’s infrastructure and downloaded as much sensitive information as possible.
Simple scam, or more?
The miscreant worked at the company for four months before he was reportedly fired for poor performance. The crook then threatened to release all stolen data on the Internet or sell it to the highest bidder. He demanded a six-figure ransom in exchange for keeping the data private.
According to the BBC, it is unknown whether the company paid the ransom or not.
This could be a simple scam, or a disgruntled former employee taking revenge on his former employer. However, it could be something more.
Lazarus Group, a North Korean state-sponsored threat actor, is known in the cybersecurity community for its “fake job” attacks. Typically, the group posts a fake job advertisement on social media and tries to “hire” software developers working at high-profile organizations. During the job interview, it tries to trick the candidate into installing malware in order to gain access to the IT infrastructure of the candidate’s employer.
The attack also works both ways: the crooks have directly targeted organizations by trying to get hired. Lazarus apparently goes for people’s cryptocurrency and uses the money to fund the state’s weapons program.
Via BBC