KnowBe4 Duped Into Hiring A North Korean Hacker
The US cyber security awareness training firm KnowBe4 was shocked to discover that its recent hire was a North Korean hacker whose aim was to install malware into the company’s IT systems.
The hiring process for a new engineer was uneventful. After four rounds of interviews and background checks to verify references, the candidate was offered a job. Somehow, the candidate was able to circumvent hiring due diligence using a stolen identity and AI-generated imagery. His real motivation became apparent when he began downloading malware on his new employer's workstation.
On 15 July KnowBe4’s Endpoint Detection & Response software (EDR) detected suspicious activity from the user, prompting the company’s Security Operations Centre (SOC) to contact the employee to question them. The SOC team wanted to find out where he was actually located after he had been found performing a series of suspicious actions, including executing malicious software. However, the new hire claimed he was unavailable to join a call and he became unresponsive before KnowBe4’s security staff isolated his workstation from their network.
On further investigation, KnowBe4 say these events are part of a wider campaign where North Korean threat actors try to get into US organisations posing as remote IT staff.
The hackers get work devices sent to what KnowBe4 describes as an ‘IT mule laptop farm’ where they use a VPN to appear as if they are logging in from the US. To maintain their cover, the threat actors appear to actually carry out their responsibilities. They work the night shift to align themselves with the US workday and collect their pay, which KnowBe4 believe is used to fund further illegal activities in North Korea.
KnowBe4's advice for other organisations to avoid falling prey to a similar fraud includes scanning devices used by home workers to detect other remote contact, in addition to rigorous checks to ensure the prospect is really physically located where they claim to be.
KnowBe4 | ITPro | Local12 | Fox13 | Reddit | Dark Reading