KnowBe4, a US-based security vendor, recently disclosed that it unknowingly hired a North Korean hacker who attempted to introduce malware into the company’s network. According to KnowBe4 CEO Stu Sjouwerman’s blog post, the incident was quickly identified and mitigated without any data loss or unauthorized access.
“First of all: No illegal access was gained, and no data was lost, compromised, or exfiltrated on any KnowBe4 systems,” explained Sjouwerman. “This is not a data breach notification, there was none. See it as an organizational learning moment I am sharing with you. If it can happen to us, it can happen to almost anyone. Don’t let it happen to you.”
KnowBe4 had been searching for a software engineer for its internal IT AI team. The individual, reportedly from North Korea, used a stolen US-based identity and an artificially enhanced photo to secure the position. Following standard procedures, the firm conducted a series of four video interviews, a background check, and various other pre-hiring checks, all of which were cleared due to the stolen identity.
However, once the new hire received their Mac workstation, they immediately began loading malware. The suspicious activity was quickly detected by KnowBe4’s Security Operations Center (SOC), which initiated an investigation. The individual claimed the anomalies were due to router troubleshooting, a statement that raised further suspicions. When the person became unresponsive, KnowBe4’s SOC contained the device.
KnowBe4 collaborated with global cybersecurity expert Mandiant and reported the findings to the FBI. As noted by Sjouwerman, “It turns out this was a fake IT worker from North Korea.” The FBI is now spearheading an active investigation into the incident.
Sjouwerman elaborated on similar fraudulent employment tactics, noting that the infiltrator likely logged into the company computer remotely from North Korea or China, working during US business hours to avoid suspicion. The scheme enables these bad actors to get paid while siphoning a significant portion of their earnings to fund illegal programs in North Korea.
Further information regarding the incident is currently limited due to the ongoing FBI investigation, but Sjouwerman emphasized the importance of heightened vigilance in hiring practices to mitigate such risks.
You can read more about the incident in the original report by Ars Technica.