July 24th, 2024

North Korean hacker got hired by US security vendor loaded malware

KnowBe4 hired a North Korean hacker who attempted to introduce malware using a stolen identity. The incident highlighted the need for stringent hiring practices and robust security measures in organizations.


KnowBe4, a US security vendor, inadvertently hired a North Korean hacker who attempted to introduce malware into the company's network. The individual used a valid but stolen US identity and an AI-enhanced photo to pass background checks and interviews. Upon receiving a company-issued Mac workstation, the hacker began loading malware, which was detected by KnowBe4's Security Operations Center (SOC). The SOC flagged suspicious activities, including attempts to manipulate session history files and transfer harmful files. The hacker claimed to be troubleshooting a router issue but later became unresponsive when contacted by the SOC. KnowBe4's CEO, Stu Sjouwerman, emphasized that no illegal access was gained, and no data was compromised, framing the incident as a learning opportunity for the organization. The company has since shared its findings with cybersecurity experts and the FBI, suspecting the hacker may have been operating as an insider threat or nation-state actor. The hacker likely worked remotely from North Korea or nearby, using a VPN to appear as if they were in the US. KnowBe4 highlighted the importance of stringent hiring practices and the need for robust security measures, especially for new employees in sensitive roles. The incident serves as a cautionary tale for other organizations about the potential risks of identity theft and insider threats in the cybersecurity landscape.

Related

TeamViewer confirms Russian spies hacked its corporate network

TeamViewer confirmed a breach by Russian state-sponsored hackers on June 26, 2024, which was contained within its corporate IT environment. The attack was attributed to APT29 (Cozy Bear). Organizations using TeamViewer should stay alert.

Microsoft Alerts More Customers to Email Theft in Expanding

Microsoft is alerting more customers about email theft following the Midnight Blizzard hack by the Russian government. The stolen emails were accessed and are being shared with the affected organizations for transparency. The ongoing attack is being used to plan further attacks, and Microsoft is providing assistance to mitigate the risks.

Microsoft tells yet more customers their emails have been stolen

Microsoft is notifying customers of email theft by Russian criminals, expanding the scope of the breach, and correspondents of the compromised accounts have been informed. Also in the news: US auto dealers face disruptions from a cyber incident linked to CDK software, a security flaw in Rabbit R1 AI devices was disclosed, and the EU sanctioned Russians for cyber attacks.

A Hacker Stole OpenAI Secrets, Raising Fears That China Could, Too


A hacker breached OpenAI's internal messaging systems, accessing A.I. technology details but not code. Concerns over national security risks arose, leading to internal security debates and calls for tighter controls on A.I. labs.

Remote work powered fraud – How to prevent


Remote hiring offers a wider talent pool but also raises fraud risks. Recent cases reveal elaborate schemes involving stolen identities. To counter this, companies should enhance background checks, use multi-factor authentication, conduct security audits, and provide fraud awareness training.

2 comments
By @duxup - 4 months
Direct post to the blog:

https://blog.knowbe4.com/how-a-north-korean-fake-it-worker-t...

I'm a little skeptical of this org's hiring practices, in the sense that nobody met this guy; they hired him, and some of the details are a little vague, like:

- Background check appears inadequate. Names used were not consistent.

- References potentially not properly vetted. Do not rely on email references only.

I'm wondering: was their background check effectively outsourced, and it came back good or bad and they just accepted it?

Considering how many people are sometimes involved in hiring, I can imagine that some folks just run the background check and everyone sort of ignores any strange signs and assumes someone else will look closer.