A US security firm was tricked into hiring a North Korean hacker who installed malware

midian182

What just happened? In a warning that highlights the lengths to which cybercriminals will go to infiltrate systems, a US security training company has revealed it was tricked into hiring a North Korean hacker as a software engineer. The firm only discovered what had happened when he loaded the company-provided computer with malware.

KnowBe4 creates customized security awareness programs for companies, developed to teach employees about hacking dangers. An example is testing susceptibility to phishing attacks by sending employees fake emails to see if anyone falls for the ruse.

In a recent post, CEO and founder Stu Sjouwerman told a cautionary tale, though he emphasized that no company data was lost, compromised, or exfiltrated, and there was no breach.

It started when KnowBe4 posted a job for a software engineer for its internal IT AI team. After HR conducted four video interviews with a candidate on separate occasions, confirmed the individual matched the photo on their application, checked their background, and performed other pre-hiring checks, the person in question was hired to work remotely.

What the company didn't know was that the new hire was using a valid but stolen US-based ID and stock photo, which had been altered using AI, to convince KnowBe4 that they were a legitimate candidate. You can see the original stock photo (left) and the AI-enhanced one below.

The interviewers believed the person they interviewed looked enough like the faked photo to be convincing.

All seemed normal until last week, when the employee, referred to only as XXXX, was sent his company-supplied Mac workstation. As soon as it arrived, the machine started loading malware.

KnowBe4's SOC team contacted XXXX to inquire about the detection and its possible cause. He claimed that he was following steps on his router guide to troubleshoot a speed issue and that it may have caused a compromise.

XXXX then performed actions to manipulate session history files, transfer potentially harmful files, and execute unauthorized software. He used a Raspberry Pi to download the malware. The company tried to get him on a video call, but he said he was unavailable and later became unresponsive. His device was contained about 25 minutes after the suspicious activities were detected.

Analysis suggests that XXXX may be an Insider Threat/Nation State Actor. The information was shared with cybersecurity firm Mandiant and the FBI. It was determined that XXXX was a fake IT worker from North Korea.

KnowBe4 said the work Mac was shipped to an address "that is basically an 'IT mule laptop farm,'" which XXXX accessed via VPN. He also worked the night shift so it appeared he was working US daytime hours.
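As an added illustration, not code from the article or from KnowBe4, the following triage routine encodes the indicators the story describes for a newly provisioned workstation: truncation of shell session history files, execution of software outside approved locations, and a new hire's access arriving through a commercial VPN rather than a home connection. The telemetry, hostnames, approved paths and the 30-minute containment window are all constructed assumptions.

```python
from datetime import datetime, timezone

# Constructed sample telemetry (not KnowBe4 data): (utc_time, host, kind, detail)
EVENTS = [
    ("2024-07-15T14:05:00Z", "mac-newhire-01", "file_write", "/Users/dev/.zsh_history size=0"),
    ("2024-07-15T14:06:30Z", "mac-newhire-01", "proc_exec", "/tmp/updater unsigned=1"),
    ("2024-07-15T14:07:00Z", "mac-newhire-01", "vpn_login", "egress=commercial_vpn"),
    ("2024-07-15T15:00:00Z", "mac-newhire-01", "proc_exec", "/usr/bin/git unsigned=0"),
    ("2024-07-15T15:01:00Z", "mac-staff-07", "proc_exec", "/usr/bin/ssh unsigned=0"),
]
HISTORY_FILES = (".zsh_history", ".bash_history")          # assumed shell history names
APPROVED_PREFIXES = ("/usr/bin/", "/Applications/", "/opt/homebrew/")  # assumed allow-list

def parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def classify(event):
    """Map one event to a rule name, or None if it looks benign."""
    _, _, kind, detail = event
    path = detail.split()[0]
    if kind == "file_write" and path.endswith(HISTORY_FILES) and "size=0" in detail:
        return "history_tampering"   # session history truncated to hide activity
    if kind == "proc_exec" and ("unsigned=1" in detail or not path.startswith(APPROVED_PREFIXES)):
        return "unapproved_exec"     # software run from outside the allow-list
    if kind == "vpn_login" and "commercial_vpn" in detail:
        return "vpn_egress"          # access arriving via a commercial VPN exit
    return None

def triage(events, new_hire_hosts):
    """Return (host, rule, ts) alerts; VPN egress only counts on new-hire hosts."""
    alerts = []
    for ev in events:
        rule = classify(ev)
        if rule == "vpn_egress" and ev[1] not in new_hire_hosts:
            continue
        if rule:
            alerts.append((ev[1], rule, ev[0]))
    return alerts

def decide(alerts, window_minutes=30):
    """Recommend 'contain' for a host when two different rules fire within the window."""
    by_host, verdict = {}, {}
    for host, rule, ts in alerts:
        by_host.setdefault(host, []).append((parse_ts(ts), rule))
    for host, hits in by_host.items():
        hits.sort()
        verdict[host] = "watch"
        for i, (t0, _) in enumerate(hits):
            rules = {r for t, r in hits[i:] if (t - t0).total_seconds() <= window_minutes * 60}
            if len(rules) >= 2:
                verdict[host] = "contain"
                break
    return verdict
```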

There have been warnings of North Koreans using stolen identities to secure remote US jobs. Their wages are used to fund North Korea's illegal programs, and the positions enable access to sensitive information and the opportunity to breach systems/install malware.

This just goes to show how foolish many companies have become because of personnel shortages. They take shortcuts in order to fill positions, leaving themselves highly vulnerable. Also, the entire field of so-called HR professionals sorely lacks the skill sets or contacts to do proper background checks and just justifies its position by the number of resumes reviewed on new hires. Companies need to return to the tried and true method of making managers conduct their own personnel search, reviews and interviews and have HR focus on their original primary mission. Any manager that can't put together an ad campaign and find their own employees is simply not qualified to be a manager.

While smaller companies may be able to have Managers search for their own employees, this won't work at larger firms. The Manager won't have the time with his workload, and that's why Talent (one division of HR) typically fields candidates, gives the initial screening interview, and intakes salary requirements & expectations.

As for the background checks, for the majority of companies it's farmed out to third-party companies that complete the background check end to end. Company HR isn't involved, with the exception of initiating the process and receiving the results. The same logic holds here, where many companies don't have the time to have their own staff perform background checks when third-party agencies are readily available.

The only fault here at times lies with those third-party background check companies. Most of the largest ones suck. They're slow, miss things, or just sit on tasks for days at a time. Hard to avoid that unfortunately.

Not to mention that the biggest third party background check companies farm the work overseas! The people actually performing the background checks use Google and scraper software. It's ridiculous.
 
Where I worked, which is a large healthcare provider, HR will screen the applicants to make sure they meet the qualifications, etc., and if all looks good the application is passed on to the department manager for review. If the manager approves, then an interview is set up (in person). The manager makes the final decision.
 
Is this where "working from home" appears to be a risky idea? Face-to-face interviews and proper vetting of applicants are still a pretty good idea imho.