The unidentified firm, which operates in the UK, US, or Australia, recruited the technician who had falsified his employment history and personal details, according to the BBC.

After gaining access to the company's systems, the hacker stole sensitive data and demanded a ransom.

Cybersecurity firm Secureworks, which is assisting the company, revealed the hacker was employed for four months – during which he secretly downloaded company information.

After being dismissed for poor performance, the cybercrook issued a ransom demand, threatening to publish or sell the stolen data if the company failed to pay a six-figure sum in cryptocurrency.

Rafe Pilling, director of threat intelligence at Secureworks, said: "This is a serious escalation of the risk from fraudulent North Korean IT worker schemes.

"No longer are they just after a steady pay check, they are looking for higher sums, more quickly, through data theft and extortion, from inside the company defences."

The firm targeted has not disclosed whether the ransom was paid.

It's another incident in a worrying trend where North Korean operatives disguise themselves as remote workers to infiltrate Western companies, with earnings funnelled back to the North Korean regime in violation of sanctions.

Since 2022, US and South Korean authorities have raised alarms about North Korea deploying thousands of remote workers to take high-paying jobs in the West.

In September, cybersecurity firm Mandiant revealed that dozens of Fortune 100 companies had unknowingly employed North Koreans.

But instances of these covert IT workers turning to cybercrime are still rare.

In July, another North Korean operative was caught attempting to breach their employer's systems at cybersecurity firm KnowBe4, who quickly disabled their access.

Authorities are urging employers to exercise caution when hiring remote staff.