KnowBe4 Duped Into Hiring A North Korean Hacker

Uploaded on 2024-08-07 in NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-North Korea, FREE TO VIEW

The US cyber security awareness training firm KnowBe4 was shocked to discover that its recent hire was a North Korean hacker who’s aim was to install malware into the company’s IT systems. 

The hiring process for a new engineer was uneventful. After four rounds of interviews and background checks to  verify references, the candidate was offered a job. Somehow, the candidate was able to circumvent hiring due diligence using a stolen identity and AI-generated imagery. His real motivation became apparent when he began download malware on his new employer's workstation. 

On 15 July KnowBe4’s Endpoint Detection & Response software (EDR) detected suspicious activity from the user, prompting the company’s Security Operations Centre (SOC)  to contact the employee to question them. The SOC team wanted find out where he was actually located after he had been found performing a series of suspicious actions, including  executing malicious software. However, the new hire  he claimed he was unavailable to join a call and he became unresponsive before KnowBe4’s security staff isolated  his workstation from their network. 

On further investigation, KnowBe4 say these events are part of a wider campaign where North Korean threat actors try to get into US organisations posing as remote IT staff. 

The hackers get work devices sent to what KnowBe4 describes as an ‘IT mule laptop farm’ where they use a VPN to appear as if they are logging in from the US. To maintain their cover, the threat actors appear to actually carry out their responsibilities. They work the night shift to align themselves with the US workday and collecting their pay, which KnowBe4 believe is used to fund further illegal activities in North Korea.

Their advice for other organisations to avoid falling prey to a similar fraud, which includes scanning devices used by home workers to detect other remote contact, in addition to rigorous checks to ensure the prospect is really physically located where they claim to be.

KnowB4   |   ITPro   |    Local12   |    Fox13   |   Reddit   |    Dark Reading  

Image: Ideogram

You Might Also Read:

Most Wanted - North Korean Hackers:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 



 

« Artificial Intelligence Is Changing Education [extract]
Google’s Online Search Dominance Is Ruled Illegal »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Cysec Resource Co (CRC)

Cysec Resource Co (CRC)

We offer expertise in information and cyber security, sourcing individuals and teams who provide information security expertise to the public and private sector.

EC-Council

EC-Council

EC-Council is a member-based organization that certifies individuals in various e-business and information security skills.

HackCon Norway

HackCon Norway

HackCon is for the people who are interested in technology, psychology, IT and security, and who wants to improve their knowledge within these areas.

Vysk Communications

Vysk Communications

Vysk is an award-winning mobile security firm that has developed the world’s most secure system for voice communication.

Cyber Security Challenge UK

Cyber Security Challenge UK

Cyber Security Challenge UK is a series of national competitions, learning programmes, and networking initiatives designed to identify, inspire and enable more people to become cybersec professionals.

Black Hills Information Security (BHIS)

Black Hills Information Security (BHIS)

Black Hills Information Security provide security testing and vulnerability assessment services.

eSec Forte Technologies

eSec Forte Technologies

eSec Forte Technologies is a CMMI Level-3 ISO 9001-2008, 27001-2013 certified global consulting and implementation company focused on Information Security and Cyber Security.

Deduce

Deduce

Deduce use a combination of aggregate historical user data, identity risk intelligence, and proactive alerting to deliver a robust identity and authentication solution.

Creative ITC

Creative ITC

Creative ITC is a leading infrastructure and cloud enablement company. We design and deliver exceptional managed services and cloud solutions.

Third Point Ventures

Third Point Ventures

Third Point brings deep technical expertise, a strong network of relationships, and decades of investing experience to add value to our partners throughout their journey from idea to IPO and beyond.

McAfee

McAfee

McAfee is a worldwide leader in online protection. We’re focused on protecting people, not devices. Our solutions adapt to our customers’ needs and empower them to confidently experience life online.

CXI Solutions

CXI Solutions

CXI Solutions: Your trusted partner in cybersecurity. We offer a full range of cybersecurity solutions to protect your business from digital attacks and virtual threats.

c0c0n

c0c0n

c0c0n is the longest running conferences in the area of Information Security and Hacking, in India.

Next DLP

Next DLP

Next DLP (formerly Jazz Networks) is a leading provider of insider risk and data protection solutions.

ZENDATA

ZENDATA

ZENDATA are an innovative provider of intelligent, tailored cybersecurity solutions to global companies and public sector institutions.

Siguria Kibernetike (Cyber Security)

Siguria Kibernetike (Cyber Security)

Siguria Kibernetike is a company based in Tirana that offers full service in the field of cyber and physical security.