American cybersecurity firm KnowBe4 recently discovered that a new hire, brought on as a Principal Software Engineer, was actually a North Korean state actor. This individual attempted to install data-stealing malware on the company’s devices, but the threat was identified and neutralised before any data breach occurred.
This incident is the testament to the persistent threat from North Korean operatives posing as IT professionals, a danger that the FBI has been warning about since 2023. North Korea has a well-organised network of IT workers who disguise their true identities to secure employment with American companies. The revenue generated by these infiltrators funds the country’s weapons programs, cyber operations, and intelligence gathering.
How the Hacker Bypassed Checks
Before hiring the malicious actor, KnowBe4 conducted extensive background checks, verified references, and held four video interviews. Despite these precautions, the individual used a stolen U.S. identity and AI tools to create a fake profile picture that matched during the video calls. This deception enabled the hacker to bypass the initial vetting process.
On July 15, 2024, KnowBe4’s Endpoint Detection and Response (EDR) system flagged an attempt to load malware from the Mac workstation recently issued to the new hire. The malware, designed to steal information stored in web browsers, was intended to capture any leftover credentials or data from the computer’s previous user.
When confronted by KnowBe4′
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.