KnowBe4 Duped Into Hiring A North Korean Hacker

The US cyber security awareness training firm KnowBe4 was shocked to discover that its recent hire was a North Korean hacker whose aim was to install malware into the company’s IT systems.

The hiring process for a new engineer was uneventful. After four rounds of interviews and background checks to verify references, the candidate was offered a job. Somehow, the candidate was able to circumvent hiring due diligence using a stolen identity and AI-generated imagery. His real motivation became apparent when he began downloading malware onto his new employer's workstation.

On 15 July KnowBe4’s Endpoint Detection & Response (EDR) software detected suspicious activity from the user, prompting the company’s Security Operations Centre (SOC) to contact the employee to question them. The SOC team wanted to find out where he was actually located after he had been found performing a series of suspicious actions, including executing malicious software. However, the new hire claimed he was unavailable to join a call and became unresponsive before KnowBe4’s security staff isolated his workstation from their network.

On further investigation, KnowBe4 say these events are part of a wider campaign where North Korean threat actors try to get into US organisations posing as remote IT staff. 

The hackers get work devices sent to what KnowBe4 describes as an ‘IT mule laptop farm’ where they use a VPN to appear as if they are logging in from the US. To maintain their cover, the threat actors appear to actually carry out their responsibilities. They work the night shift to align themselves with the US workday and collect their pay, which KnowBe4 believe is used to fund further illegal activities in North Korea.

Their advice for other organisations to avoid falling prey to a similar fraud includes scanning devices used by home workers to detect other remote contact, in addition to rigorous checks to ensure the prospect is really physically located where they claim to be.
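One way to scan home-worker devices for remote contact, shown as an added example that is not from KnowBe4 or the original article: it parses constructed connection telemetry and flags established inbound remote-control sessions that do not come from the IT helpdesk. The device names, the helpdesk range and the record format are assumptions made for illustration.

```python
import ipaddress

# Well-known default ports for remote-control protocols.
REMOTE_CONTROL_PORTS = {22: "SSH", 3389: "RDP", 5900: "VNC"}
# Assumption: the only network permitted to remote into staff laptops.
HELPDESK_NET = ipaddress.ip_network("10.20.0.0/24")

# Constructed telemetry: device, protocol, local addr:port, remote addr:port, state.
SAMPLE = """\
LT-0412 tcp 192.168.1.23:3389 203.0.113.77:51514 ESTABLISHED
LT-0412 tcp 192.168.1.23:50122 198.51.100.10:443 ESTABLISHED
LT-0388 tcp 192.168.0.8:5900 10.20.0.15:40222 ESTABLISHED
LT-0377 tcp 192.168.4.2:3389 0.0.0.0:0 LISTEN
LT-0291 tcp 172.16.5.9:5900 192.0.2.200:61000 ESTABLISHED
"""


def split_endpoint(text):
    """Split 'a.b.c.d:port' into (ip_address, int port)."""
    host, _, port = text.rpartition(":")
    return ipaddress.ip_address(host), int(port)


def find_remote_contact(telemetry):
    """Return (device, service, peer) for each unapproved inbound session."""
    findings = []
    for line in telemetry.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed records
        device, _proto, local, remote, state = fields
        if state != "ESTABLISHED":
            continue  # a listening service is not yet a remote session
        _, local_port = split_endpoint(local)
        remote_ip, _ = split_endpoint(remote)
        service = REMOTE_CONTROL_PORTS.get(local_port)
        # Inbound session on a remote-control port from outside the helpdesk range.
        if service and remote_ip not in HELPDESK_NET:
            findings.append((device, service, str(remote_ip)))
    return findings


if __name__ == "__main__":
    for device, service, peer in find_remote_contact(SAMPLE):
        print(f"{device}: inbound {service} session from {peer}")
```

This check only sees sessions on default ports; remote-access tools that relay through an outbound connection need process or software inventory checks instead.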

KnowBe4 | ITPro | Local12 | Fox13 | Reddit | Dark Reading
