North Korean hacker infiltrates US cybersecurity firm KnowBe4
On Thursday, a U.S. cybersecurity company revealed a stunning case of attempted fraud with the message, “If it can happen to us, it can happen to almost anyone.”
KnowBe4, a global leader in cybersecurity solutions, issued a stark warning after falling victim to an elaborate scheme that bore striking similarities to a Hollywood plot.
Following the publication of the job advertisement, the company received numerous applications for a contract software engineer position. After extensive screening, the company selected one candidate and proceeded with four video conferences. Standard pre-employment screenings were conducted and references for the candidate were checked; all of these returned clear. The business moved forward with the hire, confident in their decision.
Hired to join the artificial intelligence team, the candidate indicated a taste for remote work. Not long after the new hire began, KnowBe4 found odd behavior on the corporate network. The company decided to investigate further because the new hire’s behavior seemed dubious.
When contacted, the recently hired software engineer answered evasively and finally stopped picking up calls completely. This behavior increased the company’s mistrust and led to their sharing of their findings with the FBI. Later studies produced shocking results.
The hired software engineer belonged to a hacker group from North Korea. The person had passed several security checks using falsified information and applied for a job using a stolen U.S. identity. Subsequent investigations revealed the use of sophisticated methods to improve the image of the forged resume.
KnowBe4’s software security team quickly identified the threat when alerted by their own systems. The compromised device was isolated right away to stop any possible damage. Working with international cybersecurity experts – including Mandiant and the FBI –helped to expose the whole scope of the fraud effort.
KnowBe4 made the incident public in an article on its official website, “How a North Korean Fake IT Worker Tried to Infiltrate Us,” while investigations are still underway. Though the exact details are still unknown, the company claims that there was no illegal access or data leak during this event.
The event emphasizes the need for alertness and strong security measures. KnowBe4 concluded their report with a series of recommendations.
- Regularly scan remote devices to prevent unauthorized access
- Improve ways of verifying identity
- Teach employees how to identify social engineering strategies
- Thoroughly review the references
This event emphasizes the complex strategies used by hacker groups sponsored by governments and the crucial need for ongoing security awareness against changing hazards.