Various IT news outlets are reporting continued problems with cyber-extortion and severe hacking incidents after companies hired North Korean cybercriminals as remote IT contractors. The BBC report identifies the latest incident, in which a Korean individual falsified credentials about their background and employment in order to operate under the guise of a freelance IT specialist and be hired by a company in the USA. The individual then used that position to gain access to sensitive corporate systems and, while maintaining the appearance of a diligent contractor, secretly collected critical data over a four-month period. All the while they earned a salary that experts believe was funnelled back to North Korea via a complex laundering process designed to circumvent international sanctions on the regime. Shortly after the contractor was sacked, the inevitable ransomware demand arrived, requiring a six-figure sum in cryptocurrency.
This highlights a new escalation in North Korea’s long-standing efforts to generate income through its rogue cyber units. Cybersecurity firm Mandiant recently claimed that dozens of Fortune 100 companies have unwittingly hired North Korean operatives who have been involved with fraudulent activity and hacking.
OFSI, the UK Office of Financial Sanctions Implementation, has issued repeated warnings to companies about the risks of hiring North Korean IT workers, as doing so violates the significant sanctions currently in place against the regime. It has also published a list of tell-tale signs that a contractor may be a North Korean agent, including inconsistencies in their information, refusal to appear on camera, and unusual requests for payment or payment routing.
The North Korean hacking group Sapphire Sleet, known for its involvement in cryptocurrency theft and phishing attacks, is state-sponsored to create CVs listing fake skills. It has also developed numerous assessment portals to gather sensitive personal information and credentials from legitimate workers, so that North Korean IT hackers can impersonate them to get employed by target companies. OFSI has been warning IT workers to be cautious of unsolicited messages containing links or skill assessment offers, and to verify the authenticity of any website before providing personal information or login credentials.