Subj : Firm hacked after accidentally hiring North Korean cyber criminal
To   : All
From : TechnologyDaily
Date : Thu Oct 17 2024 13:15:05

Firm hacked after accidentally hiring North Korean cyber criminal

Date:
Thu, 17 Oct 2024 12:02:00 +0000

Description:
A scammer was working for four months at the company. stealing sensitive 
information.

FULL STORY
======================================================================

A company was hacked after hiring a fake IT professional from North Korea. It 
has not been clarified whether this was a deliberate cyberattack against the 
organization, a disgruntled former employee, or a simple scam. 

The company, which was not named, operates either in the US, UK, or 
Australia. It sought to add an IT professional to the team, and tapped into 
the global talent pool. There, it found a suitable candidate, who obviously 
went through the hiring process and got the job. 

The person that was hired, however, faked their entire identity, including 
knowledge and previous experience. After being hired, the scammer accessed 
the companys infrastructure and downloaded as much sensitive information as 
they could. Simple scam, or something more? 

The miscreant worked for four months with the company, before allegedly being 
fired for poor performance. After that happened, the crook threatened to 
release all of the stolen data on the internet, or sell it to the highest 
bidder. He demanded a six-figure ransom in exchange for keeping the data 
private. 

According to the BBC, it is not known whether the company paid the ransom or 
not. 

This could either be a simple scam, or a disgruntled former employee taking 
revenge upon their former employers. However, it could be something more. 

Lazarus Group, a North Korean state-sponsored threat actor, is known in the 
cybersecurity community for its fake job attacks. Usually, they would set up 
a fake job ad on social media and try to hire software developers working in 
high-profile organizations. During the interview process, they would trick 
the candidate into installing malware , gaining access to their companys IT 
infrastructure. 

The attack works both ways, too, since the crooks were seen targeting 
organizations directly, by trying to get hired. Lazarus apparently goes for 
peoples cryptocurrency and uses the money to fund the states weapons program. 

 Via BBC More from TechRadar Pro North Korean Lazarus hackers are using a 
fake coding test to steal passwords Here's a list of the best firewalls today 
These are the best endpoint protection tools right now



======================================================================
Link to news story:
https://www.techradar.com/pro/security/firm-hacked-after-accidentally-hiring-n
orth-korean-cyber-criminal


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)

.