KnowBe4 Duped Into Hiring A North Korean Hacker

The US cyber security awareness training firm KnowBe4 was shocked to discover that its recent hire was a North Korean hacker whose aim was to install malware into the company’s IT systems.

The hiring process for a new engineer was uneventful. After four rounds of interviews and background checks to verify references, the candidate was offered a job. Somehow, the candidate was able to circumvent hiring due diligence using a stolen identity and AI-generated imagery. His real motivation became apparent when he began downloading malware onto his new employer's workstation.

On 15 July KnowBe4’s Endpoint Detection & Response (EDR) software detected suspicious activity from the user, prompting the company’s Security Operations Centre (SOC) to contact the employee to question him. The SOC team wanted to find out where he was actually located after he had been found performing a series of suspicious actions, including executing malicious software. However, the new hire claimed he was unavailable to join a call, and he became unresponsive before KnowBe4’s security staff isolated his workstation from their network.

On further investigation, KnowBe4 say these events are part of a wider campaign where North Korean threat actors try to get into US organisations posing as remote IT staff. 

The hackers get work devices sent to what KnowBe4 describes as an ‘IT mule laptop farm’ where they use a VPN to appear as if they are logging in from the US. To maintain their cover, the threat actors appear to actually carry out their responsibilities. They work the night shift to align themselves with the US workday and collect their pay, which KnowBe4 believe is used to fund further illegal activities in North Korea.

KnowBe4's advice for other organisations to avoid falling prey to a similar fraud includes scanning devices used by home workers to detect other remote contact, in addition to rigorous checks to ensure the prospect is really physically located where they claim to be.

KnowBe4 | ITPro | Local12 | Fox13 | Reddit | Dark Reading
