KnowBe4 Duped Into Hiring A North Korean Hacker

Uploaded on 2024-08-07 in NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-North Korea, FREE TO VIEW

The US cyber security awareness training firm KnowBe4 was shocked to discover that its recent hire was a North Korean hacker who’s aim was to install malware into the company’s IT systems. 

The hiring process for a new engineer was uneventful. After four rounds of interviews and background checks to  verify references, the candidate was offered a job. Somehow, the candidate was able to circumvent hiring due diligence using a stolen identity and AI-generated imagery. His real motivation became apparent when he began download malware on his new employer's workstation. 

On 15 July KnowBe4’s Endpoint Detection & Response software (EDR) detected suspicious activity from the user, prompting the company’s Security Operations Centre (SOC)  to contact the employee to question them. The SOC team wanted find out where he was actually located after he had been found performing a series of suspicious actions, including  executing malicious software. However, the new hire  he claimed he was unavailable to join a call and he became unresponsive before KnowBe4’s security staff isolated  his workstation from their network. 

On further investigation, KnowBe4 say these events are part of a wider campaign where North Korean threat actors try to get into US organisations posing as remote IT staff. 

The hackers get work devices sent to what KnowBe4 describes as an ‘IT mule laptop farm’ where they use a VPN to appear as if they are logging in from the US. To maintain their cover, the threat actors appear to actually carry out their responsibilities. They work the night shift to align themselves with the US workday and collecting their pay, which KnowBe4 believe is used to fund further illegal activities in North Korea.

Their advice for other organisations to avoid falling prey to a similar fraud, which includes scanning devices used by home workers to detect other remote contact, in addition to rigorous checks to ensure the prospect is really physically located where they claim to be.

KnowB4   |   ITPro   |    Local12   |    Fox13   |   Reddit   |    Dark Reading  

Image: Ideogram

You Might Also Read:

Most Wanted - North Korean Hackers:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 



 

« Artificial Intelligence Is Changing Education [extract]
Google’s Online Search Dominance Is Ruled Illegal »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Dark Reading

Dark Reading

Dark Reading is the most trusted online community for security professionals.

Skkynet Cloud Systems

Skkynet Cloud Systems

Skkynet is a leader in real-time data systems for the secure management and control of industrial processes (SCADA) and embedded devices (M2M).

AFCON Control & Automation

AFCON Control & Automation

AFCON is a leading global provider of software solutions and services for the smart management of Control & Automation systems in the age of Digital Transformation.

Deep Instinct

Deep Instinct

Deep Instinct provides comprehensive defense that is designed to protect against the most evasive unknown malware in real-time, across an organization’s endpoints, servers, and mobile devices.

ReversingLabs

ReversingLabs

ReversingLabs develops cyber threat detection and mitigation tools that address the the latest directed attacks, advanced persistent threats and polymorphic malware.

VMRay

VMRay

VMRay delivers advanced threat analysis and detection that combines a unique agentless hypervisor-based network sandbox with a real-time reputation engine.

MindPoint Group (MPG)

MindPoint Group (MPG)

MindPoint Group is a specialist Information Security Consulting firm.

Nakivo

Nakivo

NAKIVO is dedicated to delivering the ultimate backup, ransomware protection and disaster recovery solution for virtual, physical, cloud and SaaS environments.

SecZetta

SecZetta

SecZetta provides third-party identity risk solutions that are easy to use, and purpose built to help organizations execute risk-based identity access and lifecycle strategies.

Binare

Binare

Binare empowers companies all over the world to improve their IIot/IoT /Embedded cybersecurity posture and digital privacy.

Indevis

Indevis

Indevis provides IT security, datacenter and network solutions, accompanied by professional consulting, management and support services.

Sify Technologies

Sify Technologies

Sify is the largest ICT service provider, systems integrator, and all-in-one network solutions company on the Indian subcontinent.

J.S. Held

J.S. Held

J.S. Held is a global consulting firm providing technical, scientific, and financial expertise across all assets and value at risk.

xdr.global

xdr.global

Xdr.global is a cybersecurity consulting firm, focused on promoting and aligning Extended Detection and Response (XDR) security solutions.

Secure Cyber Management

Secure Cyber Management

Secure Cyber Management provides industry-leading cloud security advice, guidance and services.

Velaspan

Velaspan

Velaspan design, deploy, and manage enterprise wireless networks and cybersecurity solutions for leading businesses and brands.