Remote worker hired by security company turns out to be a North Korean hacker



It has been reported that security software developer KnowBe4 hired a software engineer who was actually a North Korean hacker.

How a North Korean Fake IT Worker Tried to Infiltrate Us
https://blog.knowbe4.com/how-a-north-korean-fake-it-worker-tried-to-infiltrate-us



Security Firm Discovers Remote Worker Is Really a North Korean Hacker | PCMag

https://www.pcmag.com/news/security-firm-discovers-remote-worker-is-really-a-north-korean-hacker

KnowBe4, which develops security awareness programs for phishing and cyber threats, was looking for a software engineer. KnowBe4 required job applicants to submit resumes, conducted multiple remote interviews, and conducted background checks, and one applicant passed this process.

The employee was successfully hired as a remote software engineer at KnowBe4, and KnowBe4 provided him with a Mac.

However, it was confirmed that malware started loading on the Mac shortly after it arrived at the employee's house. KnowBe4 remotely suppressed the activity of the Mac before the malware could put internal systems at risk. When KnowBe4 contacted the employee, he said that he had been following the steps in a router guide to resolve a speed issue. However, a subsequent investigation revealed that the employee had engaged in fraudulent activities such as 'manipulating session history files,' 'transferring harmful software,' and 'downloading malware using a Raspberry Pi.'



After that, the employee never answered the phone.

A joint investigation by the FBI and Google's security team, Mandiant, concluded that the software engineer in question was in fact a North Korean hacker posing as an IT worker. KnowBe4 reported that 'the employee was accessing the site from North Korea via a VPN.'

For North Korean hackers, remote software engineering positions are an important way to steal confidential corporate information and devise new attack methods. The FBI has previously reported that 'thousands of North Koreans who have signed contracts with foreign companies, including the United States, are secretly transferring hundreds of millions of yen in wages to North Korea each year.'

FBI warns that thousands of North Koreans are falsifying their identities and working as remote workers in other countries, sending wages to North Korea for missile program - GIGAZINE



In the KnowBe4 case, the North Korean hackers used AI to edit stock images to get through the interview process at KnowBe4. The image below shows the original stock image on the left, and the AI-generated deepfake image on the right, which was actually submitted to KnowBe4's human resources department.



KnowBe4 said, 'This case highlights the importance of more robust screening processes, continuous security monitoring, and improved collaboration between HR, IT, and security teams to protect companies from advanced persistent threats.' KnowBe4 also advises its industry peers to 'interview potential applicants via video call to verify that the person is genuine.' It also recommends carefully checking references for candidates, rather than simply sending them an email.

in Security, Posted by log1r_ut