A US security firm recently made a blog post about how it got conned into unknowingly hiring a North Korean hacker. The security company, KNowBe4, is known for making customised security awareness programs for different companies, designed to educate employees on the danger of hackers and threat actors.
According to the blog, the CEO and founder of the security firm, Stu Sjouwerman, posted a job for a software engineer within the internal IT AI team. The North Korean hacker was interviewed a total of four times via video, and the team confirmed the individual’s “likeness” to the photo on their applications. Other things like their background and other pre-hiring checks were in order and soon hired as a remote worker.
What KnowBe4 didn’t know was that the picture the North Korean hacker had used was a stock photo that had been altered with AI and attached to a valid but stolen US-based ID. But again, the company didn’t know.
It was only after the hacker had received his company-issued Mac workstation that alarm bells starting ringing, and loudly. KnowBe4 describes the situation as somewhat instantaneous – the individual immediately began loading up the system with malware, and when the company’s SOC team contacted the hacker to ask about the detection, they claimed that they were just following steps on his router, and that may have compromised the system.
However, the North Korean hacker was also pulling off some questionable actions, including manipulating session history files, transferring potentially harmful files, and even executing unauthorised software. At this point, the hacker wasn’t even responding to KnowBe4’s calls.
The CEO of the security firm states that despite the hacker’s action, the company’s quick thinking allowed them to contain the threat within 25 minutes after the threat actor’s actions were detected.
This isn’t the first time North Korean hackers have been found using stolen identities to secure gainful employment in the US. Believe it or not, some of them actually do these jobs to literally get paid in US dollars, which is then used by the North Korean government to fund what many have classified as illegal programs.
Follow us on Instagram, Facebook, Twitter or Telegram for more updates and breaking news.