KnowBe4, a US-based security vendor specializing in security awareness training, revealed that it accidentally hired a North Korean hacker who attempted to install malware within its systems. This incident serves as a stark reminder of the sophistication and reach of cyber threats. The company’s CEO, Stu Sjouwerman, shared the details in a blog post, emphasizing that no data was compromised or stolen.
The hacker, posing as a software engineer for KnowBe4’s internal IT AI team, used a stolen US-based identity and a photo enhanced with artificial intelligence to secure the position. Despite passing background checks and video interviews, the individual began suspicious activities immediately upon receiving their workstation. The hacker’s actions included manipulating session history files, transferring harmful files, and executing unauthorized software, using a Raspberry Pi to facilitate the malware download.
KnowBe4’s Security Operations Center (SOC) detected the unusual behavior on July 15, 2024. The hacker, referred to as “XXXX” in the company’s blog post, initially claimed the activity resulted from troubleshooting a router issue. However, when the SOC attempted to follow up, the hacker became unresponsive, leading the team to contain the device.
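The behaviors the article attributes to the new hire (tampering with session history files, dropping a file onto the workstation and then executing it) are the kind of signals a SOC can codify as detection rules and weight more heavily for accounts inside their onboarding window. The following is an added illustration, not KnowBe4's own tooling or a description of what its SOC actually ran: the event schema, the constructed sample telemetry, the history-clearing command patterns, the approved-path prefixes and the 30-day new-hire window are all assumptions made for the example.

```python
"""Toy endpoint detection logic for the behaviors described in the article.

Added example; not KnowBe4's SOC tooling. The event schema, the sample
events, the regex patterns and the thresholds below are constructed
assumptions for illustration only.
"""
import re
from datetime import datetime, timezone

# Shell/REPL history files whose truncation is worth flagging (assumed list).
HISTORY_FILES = (".bash_history", ".zsh_history", ".python_history")

# Command-line fragments commonly used to stop or clear shell history (assumed list).
HISTORY_CLEAR_PATTERNS = [
    re.compile(r"\bunset\s+HISTFILE\b"),
    re.compile(r"\bhistory\s+-c\b"),
    re.compile(r"\bHISTFILE=/dev/null\b"),
]

# Locations from which a managed workstation is expected to launch software (assumed).
APPROVED_EXEC_PREFIXES = ("/usr/bin/", "/bin/", "/usr/local/bin/", "/opt/corp/")

# Accounts younger than this are treated as still inside onboarding (assumed threshold).
NEW_HIRE_WINDOW_DAYS = 30

# Constructed telemetry for one new-hire workstation on its first day online.
SAMPLE_EVENTS = [
    {"ts": "2024-07-15T09:02:11Z", "host": "ws-newhire-01", "user": "jdoe",
     "type": "process", "path": "/usr/bin/code", "cmdline": "code ."},
    {"ts": "2024-07-15T09:20:43Z", "host": "ws-newhire-01", "user": "jdoe",
     "type": "process", "path": "/bin/bash", "cmdline": "unset HISTFILE"},
    {"ts": "2024-07-15T09:21:05Z", "host": "ws-newhire-01", "user": "jdoe",
     "type": "file_write", "path": "/home/jdoe/.bash_history", "size": 0},
    {"ts": "2024-07-15T09:25:30Z", "host": "ws-newhire-01", "user": "jdoe",
     "type": "file_write", "path": "/home/jdoe/.cache/loader.bin", "size": 512000},
    {"ts": "2024-07-15T09:25:58Z", "host": "ws-newhire-01", "user": "jdoe",
     "type": "process", "path": "/home/jdoe/.cache/loader.bin", "cmdline": "./loader.bin"},
]

# Constructed HR feed: account start dates keyed by username.
SAMPLE_HIRE_DATES = {"jdoe": datetime(2024, 7, 15, tzinfo=timezone.utc)}


def parse_ts(ts: str) -> datetime:
    """Parse the ISO-8601 UTC timestamps used in the sample events."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def detect(events, hire_dates):
    """Run the three rules over a stream of events and return the findings.

    Rules:
      history_tamper        - a history-clearing command, or a history file truncated to 0 bytes
      dropped_and_executed  - a process launched from a path the same user wrote earlier in the stream
      unapproved_exec       - a process launched from outside the approved prefixes
    Each finding records whether the account is still inside its onboarding window.
    """
    findings = []
    written_by_user = {}  # user -> set of paths seen in file_write events
    for ev in events:
        rule = None
        if ev["type"] == "file_write":
            written_by_user.setdefault(ev["user"], set()).add(ev["path"])
            if ev["path"].endswith(HISTORY_FILES) and ev.get("size", 1) == 0:
                rule = "history_tamper"
        elif ev["type"] == "process":
            cmd = ev.get("cmdline", "")
            if any(p.search(cmd) for p in HISTORY_CLEAR_PATTERNS):
                rule = "history_tamper"
            elif ev["path"] in written_by_user.get(ev["user"], set()):
                rule = "dropped_and_executed"
            elif not ev["path"].startswith(APPROVED_EXEC_PREFIXES):
                rule = "unapproved_exec"
        if rule is None:
            continue
        hired = hire_dates.get(ev["user"])
        new_hire = hired is not None and (parse_ts(ev["ts"]) - hired).days < NEW_HIRE_WINDOW_DAYS
        findings.append({"rule": rule, "ts": ev["ts"], "host": ev["host"],
                         "user": ev["user"], "new_hire": new_hire})
    return findings


def severity(findings) -> str:
    """Escalate when distinct rules co-occur, and again when the account is a new hire."""
    distinct = {f["rule"] for f in findings}
    if not distinct:
        return "none"
    level = "high" if len(distinct) >= 2 else "medium"
    if level == "high" and any(f["new_hire"] for f in findings):
        level = "critical"
    return level


if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS, SAMPLE_HIRE_DATES)
    for f in found:
        print(f"{f['ts']} {f['host']} {f['user']} {f['rule']} new_hire={f['new_hire']}")
    print("severity:", severity(found))
```

The correlation step (`dropped_and_executed`) is what separates this from a plain allowlist: a file written by the user and then launched from the same path is a stronger signal than either event alone, and combining it with history tampering on an account that is still onboarding is what pushes the verdict to critical rather than waiting for a human to notice an unresponsive employee.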
The investigation revealed that the hacker was likely working remotely from North Korea, using a VPN to appear as if they were operating during US business hours. The individual’s goal was to siphon funds to North Korea, supporting illegal activities. KnowBe4’s controls and restricted access for new employees prevented any significant damage.
The incident underscores the ongoing threat posed by nation-state actors in cyberspace. KnowBe4 is cooperating with the FBI and cybersecurity experts at Mandiant as the investigation continues. The company hopes this serves as a cautionary tale for other organizations.