North Korean Cyber Operatives Exploit Remote IT Jobs for Data Theft and Extortion
A new wave of cybercrime involves North Korean agents posing as IT contractors to infiltrate companies and demand ransoms.
- Cybersecurity firm Secureworks has identified a pattern of North Korean operatives using fake identities to secure remote IT positions in Western companies.
- Once employed, these operatives quickly exfiltrate sensitive data and later demand ransom payments, marking a shift from previous tactics focused on espionage.
- The scheme involves sophisticated methods such as rerouting internet traffic through U.S.-based servers and using AI tools to avoid video calls.
- Victimized companies have received six-figure ransom demands, payable in cryptocurrency, accompanied by threats to leak the stolen data if the demands are not met.
- Authorities warn that hiring these operatives could breach international sanctions, and they emphasize the need for thorough vetting and identity verification in hiring processes.