Fast exposure
The would-be infiltrator was quickly exposed. Founder and CEO Stu Sjouwerman wrote in a blog post that the new employee “immediately began downloading malware” shortly after being sent a work computer, which allowed the malicious activity to be detected right away.
As Sjouwerman explains, KnowBe4 needed a software engineer and posted an opening online. The company collected resumes, conducted interviews, checked references and credentials, and finally hired the candidate. The new employee was immediately sent a brand-new Mac.
Only then did the company's security systems detect suspicious activity coming from the new hire's machine.
We shared the data we collected with our friends at Mandiant, a world-leading cybersecurity expert, and the FBI to confirm our initial findings. It turned out to be a rogue IT employee from North Korea.
– says the blog post.
The photo the candidate submitted was an AI-generated fake built from a stock image. The company says it nevertheless conducted four video interviews to “verify that the person matched the photo submitted on the application,” so it appears the attacker also faked the live video feed.
Original stock photo and the fake photo sent to KnowBe4 / Screenshot from 24 Channel / Photo: KnowBe4
The conclusion was that “it was a real person using a valid but stolen US-based identity.”
Results
The company stresses that “no illegal access was gained to any KnowBe4 system, and no data was lost, compromised or stolen.” It was able to detect and stop the suspicious activity in time, not least because detecting exactly this kind of activity is its line of business.
The attacker performed various actions to modify session history files, transfer potentially malicious files, and execute malware.
– says the blog post.
The FBI has repeatedly warned that North Korean state-sponsored operatives are infiltrating the US private sector by posing as remote IT workers.
- In a press release last year, the agency listed red flags including “unwillingness or inability to appear on camera, conduct video interviews or video meetings,” requests to ship company-issued laptops abroad, and “repeated requests for upfront payment.”
- Earlier this year, the U.S. Justice Department indicted five people, accusing them of helping North Korea fund its nuclear weapons program through schemes targeting U.S. companies.
“This is a well-organized, state-funded, resourceful, large-scale criminal group. This case underscores the critical need for more robust vetting processes, ongoing security monitoring, and enhanced coordination between HR, IT, and security services to protect against today’s persistent threats,” Sjouwerman adds.