{"id":5357,"date":"2024-10-18T13:00:37","date_gmt":"2024-10-18T13:00:37","guid":{"rendered":"https:\/\/tradetrovex.com\/index.php\/2024\/10\/18\/company-hacked-after-accidentally-hiring-north-korean-cyber-criminal\/"},"modified":"2024-10-18T13:00:37","modified_gmt":"2024-10-18T13:00:37","slug":"company-hacked-after-accidentally-hiring-north-korean-cyber-criminal","status":"publish","type":"post","link":"https:\/\/tradetrovex.com\/index.php\/2024\/10\/18\/company-hacked-after-accidentally-hiring-north-korean-cyber-criminal\/","title":{"rendered":"Company hacked after accidentally hiring North Korean cyber criminal"},"content":{"rendered":"<p>A company was hacked after it hired a North Korean cyber criminal posing as an IT contractor.<\/p>\n<p>The unnamed company fell victim to a new <strong>North Korean<\/strong> hacking tactic, according to cybersecurity company Secureworks, which investigated the incident.<\/p>\n<div class=\"sdc-site-outbrain sdc-site-outbrain--AR_6\">    <\/div>\n<p>A North Korean cyber criminal posing as an IT contractor was hired for a fixed-term contract by the firm, which is based either in the UK, US or Australia.<\/p>\n<p>Secureworks is keeping the company\u2019s location general in order to protect the company.<\/p>\n<p>Within days of starting work, the criminal \u201caccessed and exfiltrated company data\u201d, according to Rafe Pilling, who is the director of threat intelligence at Secureworks.<\/p>\n<div class=\"ad ad--teads\">        <\/div>\n<p>Then, when the employment contract was finished, the criminal used the <strong>hacked<\/strong> data \u201cto demand a hefty ransom in return for not publishing\u201d it, said Mr Pilling.<\/p>\n<p>This is a new tactic for the North Korean regime, which was already trying to sneak its workers into UK companies.<\/p>\n<p>\u201cIt is almost certain that UK firms are currently being targeted by [North Korean] IT workers disguised as freelance third-country IT workers to generate revenue for the DPRK regime,\u201d said an advisory note published by the government\u2019s Office of Financial Sanctions Implementation (OFSI) last month.<\/p>\n<p>UK companies that hire these workers could be breaching the \u201csignificant\u201d sanctions currently placed on North Korea, according to OFSI.<\/p>\n<p>Although it is thought those workers\u2019 salaries were being used to fund the North Korean regime, this latest incident, and others like it, mark \u201ca serious escalation\u201d of risk for companies, said Mr Pilling.<\/p>\n<p>\u201cNo longer are [the fake workers] just after a steady paycheck, they are looking for higher sums, more quickly, through data theft and extortion, from inside the company defences,\u201d he said.<\/p>\n<p>UK companies should protect themselves from these kinds of attacks by being on \u201chigh alert\u201d, he said.<\/p>\n<p>OFSI published a list of tell-tale signs that a new contractor is not who they say they are and is, in fact, an agent for the North Korean government.<\/p>\n<p>Some of those include being inconsistent with the spelling of their name, their nationality, location, experience and online presence or refusing to appear on camera.<\/p>\n<p>Mr Pilling said companies should monitor for long pauses if they do appear on camera for job interviews and OFSI warns that people who request prepayment but then fail to complete tasks, or just generally fail to do the job, could also be suspicious.<\/p>\n<p>Attempts to re-route corporate IT equipment sent to the contractor\u2019s home, routing paychecks to money transfer services and accessing the corporate network with unauthorised remote access tools should also be red flags.<\/p>\n<\/p>\n<div>This post appeared first on sky.com<\/div>\n","protected":false},"excerpt":{"rendered":"<p>A company was hacked after it hired a North Korean cyber criminal posing as an&hellip;<\/p>\n","protected":false},"author":0,"featured_media":5358,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-5357","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tech-news"],"_links":{"self":[{"href":"https:\/\/tradetrovex.com\/index.php\/wp-json\/wp\/v2\/posts\/5357","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tradetrovex.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tradetrovex.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/tradetrovex.com\/index.php\/wp-json\/wp\/v2\/comments?post=5357"}],"version-history":[{"count":0,"href":"https:\/\/tradetrovex.com\/index.php\/wp-json\/wp\/v2\/posts\/5357\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/tradetrovex.com\/index.php\/wp-json\/wp\/v2\/media\/5358"}],"wp:attachment":[{"href":"https:\/\/tradetrovex.com\/index.php\/wp-json\/wp\/v2\/media?parent=5357"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tradetrovex.com\/index.php\/wp-json\/wp\/v2\/categories?post=5357"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tradetrovex.com\/index.php\/wp-json\/wp\/v2\/tags?post=5357"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}