Security Firm Discovers Remote Worker Is Really a North Korean Hacker



A US security training company discovered it mistakenly hired a North Korean hacker to be a software engineer after the employee’s newly issued computer became infected with malware.

The incident occurred at KnowBe4, which develops security awareness programs to teach employees about phishing attacks and cyber threats. The company recently hired a remote software engineer who cleared the interview and background check process. But last week, KnowBe4 uncovered something odd after sending the employee a company-issued Mac.

“The moment it was received, it immediately started to load malware,” KnowBe4 wrote in a blog post on Tuesday.

The company detected the malware thanks to the Mac’s onboard security software. An investigation, with the help of the FBI and Google’s security arm Mandiant, then concluded that the hired software engineer was actually a North Korean posing as an IT worker.

Fortunately, the company remotely contained the Mac before the hacker could use the computer to compromise KnowBe4’s internal systems. When the malware was first detected, the company’s IT team initially reached out to the employee, who claimed “that he was following steps on his router guide to troubleshoot a speed issue.”

But in reality, KnowBe4 caught the hired worker manipulating session files and executing unauthorized software, including using a Raspberry Pi to load the malware. In response, KnowBe4’s security team tried to call the hired software engineer, but he “stated he was unavailable for a call and later became unresponsive.”

KnowBe4 says it shipped the work computer “to an address that is basically an ‘IT mule laptop farm,’” which the North Korean then accessed via VPN.

Although KnowBe4 managed to thwart the breach, the incident still underscores how North Korean hackers are exploiting remote IT jobs to infiltrate US companies. In May, the US warned that one group of North Koreans had been using identities from over 60 real US persons to help them snag remote jobs.


The remote jobs can help North Korea generate revenue for their illegal programs and provide a way for the country’s hackers to steal confidential information and pave the way for other attacks. In the case of KnowBe4, the fake software engineer resorted to using an AI-edited photo of a stock image to help them clear the company’s interview process. 

Left is the original stock picture. Right is the AI deepfake submitted to KnowBe4’s Human Resources department. (Credit: KnowBe4)

“This case highlights the critical need for more robust vetting processes, continuous security monitoring, and improved coordination between HR, IT, and security teams in protecting against advanced persistent threats,” KnowBe4 added. To prevent a repeat, KnowBe4 is advising its peers in the industry to consider interviewing prospective employees on a video call to ensure they’re real. Another tip is to check the candidate’s references beyond merely emailing them.
