It’s a hard-earned lesson.
Fake IT
An security and anti-phishing company called KnowBe4 hired a remote worker — who, in an ironic twist, turned out to be a North Korean hacker.
The company hired the software engineer after they had passed through four separate video interviews and cleared background checks.
But shortly after the worker was sent a company-issued computer, things immediately went awry.
“The moment it was received, it immediately started to load malware,” the company’s founder and CEO Stu Sjouwerman wrote in a blog post.
As it turns out, the engineer was a “fake IT worker from North Korea.”
“This was a real person using a valid but stolen US-based identity,” Sjouwerman wrote. “The picture was AI ‘enhanced.'”
Hack and Slash
While the company claims that “no illegal access was gained” and “no data was lost, compromised, or exfiltrated,” the hacker didn’t waste any time.
“The attacker performed various actions to manipulate session history files, transfer potentially harmful files, and execute unauthorized software,” the blog post reads.
It’s an especially ironic situation, given KnowBe4 sells software that teaches employees to identify phishing attempts and spread security awareness.
The FBI has also repeatedly warned that North Korean state actors are infiltrating the US private sector by posing as remote IT workers. In a PSA last year, the agency listed a number of “red flag indicators,” including “unwillingness or inability to appear on camera, conduct video interviews or video meetings,” indications of cheating, company-issued laptops being freight forwarded overseas, and “repeated requests for prepayment.”
Earlier this year, the US Justice Department charged five individuals, accusing them of helping North Korea’s nuclear weapons program to generate revenue by infiltrating the US job market.
As a result, KnowBe4 recommends other companies vet references more diligently and get any hires on camera to “ask them about the work they are doing.”
“This is a well-organized, state-sponsored, large criminal ring with extensive resources,” Sjouwerman argued. “The case highlights the critical need for more robust vetting processes, continuous security monitoring, and improved coordination between HR, IT, and security teams in protecting against advanced persistent threats.”
In short, it’s a hard-learned lesson, especially for a cybersecurity awareness company.
“Our controls caught it, but that was sure a learning moment that I am happy to share with everyone,” Sjouwerman wrote.
More on North Korean hackers: Experts Warn North Korea Is Using AI Nefarious Purposes
Share This Article
