Date: 2024-09-26

Can you say irony?

That’s what the folks who work at and use the security and anti-phishing company KnowBe4 must be thinking after it was discovered that one of their former remote workers was actually a North Korean hacker.

Despite going through four separate video interviews and an extensive background check, the “fake IT worker from North Korea” was able to get themselves hired and issued a work computer – which they immediately compromised.

“The moment it was received, it immediately started to load malware,” the company’s founder and CEO Stu Sjouwerman wrote in a blog post.

“This was a real person using a valid but stolen US-based identity,” Sjouwerman posted. “The picture was AI enhanced.”

KnowBe4 claims that no illegal access was granted and “no data was lost, compromised, or exfiltrated,” but the hacker didn’t waste any time in trying.

“The attacker performed various actions to manipulate session history files, transfer potentially harmful files, and execute unauthorized software,” according to Sjouwerman.

For those that don’t know, KnowBe4 sells software that is meant to teach employees how to identify phishing attempts and spread security awareness across their companies, so this incident is dripping with irony.

But before you blame KnowBe4, the infiltration of North Korean hackers into the US private sector is something on the FBI’s radar.

In fact, they issued a PSA last year regarding the hiring of remote workers, warning businesses about bad faith actors infiltrating America by posing as remote IT workers.

In the PSA, the agency listed a number of “red flag indicators,” including “unwillingness or inability to appear on camera, conduct video interviews or video meetings,” indications of cheating, company-issued laptops being freight forwarded overseas, and “repeated requests for prepayment.”

KnowBe4 seems to have learned their lesson and is working with the companies that trust them to educate them on this new “trend”, recommending other businesses and organizations vet references more diligently and get any potential new hires on camera to “ask them about the work they are doing.”

“This is a well-organized, state-sponsored, large criminal ring with extensive resources,” Sjouwerman said. “The case highlights the critical need for more robust vetting processes, continuous security monitoring, and improved coordination between HR, IT, and security teams in protecting against advanced persistent threats.”

Sjouwerman certainly seems confident incidents like this will be prevented by his company in the future.

“Our controls caught it, but that was sure a learning moment that I am happy to share with everyone,” Sjouwerman wrote.

Sometimes even the experts in their field need to learn a lesson.

