Fooled by stolen ID, US firm hires North Korean hacker
US-based security vendor KnowBe4 recently revealed an incident in which it unknowingly hired a North Korean hacker. The company's CEO and founder, Stu Sjouwerman, detailed the event in a blog post. He stated that the hacker attempted to load malware into the company's network but gave assurances that "no illegal access was gained and no data was compromised." The Federal Bureau of Investigation (FBI) is currently investigating this case under suspicion of an "Insider Threat/Nation State Actor."
Hacker employed as software engineer in IT AI team
The North Korean hacker was hired as a software engineer for KnowBe4's internal IT AI team. The individual used a valid but stolen US-based identity and an artificially enhanced photo to secure the position. Despite the photo being fake, Sjouwerman noted that the person interviewed for the job resembled it enough to pass scrutiny during KnowBe4's standard hiring process.
KnowBe4's hiring process and detection of suspicious activities
KnowBe4 followed its standard hiring process, which included posting the job, receiving resumes, conducting interviews, performing background checks, verifying references, and hiring the individual. The company's HR team conducted four video conference interviews on separate occasions. All pre-hiring checks came back clear because a stolen identity was being used. The new hire's suspicious activities were detected by security software on July 15, 2024.
Investigation and response to the malware incident
Upon detecting suspicious activities, KnowBe4's Security Operations Center (SOC) reached out to the employee. The worker claimed he was troubleshooting a speed issue on his router, which may have caused a compromise. However, SOC analysis indicated that the loading of malware may have been intentional. Data collected was shared with Mandiant, a global cybersecurity expert, and the FBI for further investigation.