
KnowBe4, a US-based security vendor, revealed that it unwittingly hired a North Korean hacker who attempted to load malware into the company’s network.
KnowBe4 operates in 11 countries and is headquartered in Florida. It provides security awareness training, including phishing security tests, to corporate customers.
KnowBe4 said it was looking for a software engineer for its internal IT AI team. The firm hired a person who, it turns out, was from North Korea and was “using a valid but stolen US-based identity” and a photo that was “enhanced” by artificial intelligence. There is now an active FBI investigation amid suspicion that the worker is what KnowBe4’s blog post called “an Insider Threat/Nation State Actor.”
KnowBe4 hired the North Korean hacker through its usual process. “We posted the job, received résumés, conducted interviews, performed background checks, verified references, and hired the person. We sent them their Mac workstation, and the moment it was received, it immediately started to load malware,” the company said.
Even though the photo provided to HR was fake, the person who was interviewed for the job apparently looked enough like it to pass. KnowBe4's HR team "conducted four video conference based interviews on separate occasions, confirming the individual matched the photo provided on their application," the post said. "Additionally, a background check and all other standard pre-hiring checks were performed and came back clear due to the stolen identity being used. This was a real person using a valid but stolen US-based identity. The picture was AI 'enhanced.'"
The employee, referred to as “XXXX” in the blog post, was hired as a principal software engineer. The new hire’s suspicious activities were flagged by security software, leading KnowBe4’s Security Operations Center (SOC) to investigate.
The SOC analysis indicated that the loading of malware may have been intentional by the user, and the group suspected he may be an Insider Threat/Nation State Actor. “We shared the collected data with our friends at Mandiant and the FBI to corroborate our initial findings. It turns out this was a fake IT worker from North Korea,” Sjouwerman wrote.
KnowBe4 said it can’t provide much detail because of the active FBI investigation. But the person hired for the job may have logged into the company computer remotely from North Korea, Sjouwerman explained:
This story is referenced from Ars Technica.

