The new colleague is a cybercriminal from North Korea: US cybersecurity company narrowly escapes attack


A security company from the USA narrowly escapes major damage because a North Korean hacker within its ranks becomes impatient.

Which company is involved? The US IT security firm KnowBe4, with around 1,000 employees, has itself made a report public on its blog. A North Korean cybercriminal infiltrated the company by posing as a software engineer through a standard application process. However, everything was conducted online since the position was advertised as a home office job.

Caught Due to Impatience?

How did he deceive the company? The North Korean stole the identity of an American and used AI to alter a profile picture for his application. This allowed him to pass all checks of his supposed background without getting caught.

Is the North Korean government involved? KnowBe4 suspects that the capable North Korean IT employee had assistance from a state-supported criminal infrastructure.

On the left is the base photo, and on the right is the AI-enhanced application photo of the cybercriminal received by the HR department. (Image source: KnowBe4).

Was the cybercriminal able to cause damage or steal data? KnowBe4 gives assurance that the person had no access to any data or to critical systems. The company laptop sent to him never actually arrived. The company explains the procedure as follows:

It works like this: The false employee requests that his laptop workstation be sent to an address that is essentially an IT mule laptop farm. They then log in via VPN from their actual location (North Korea or China) and work the night shift, making it appear as if they are working in the USA during the day.

What did the supposed employee try to do? Once he gained access, he attempted to execute malicious code and run unauthorized programs – but it failed. When his behavior was discovered, the company tried to contact him.

In writing, he claimed to be following instructions from his router to solve a speed issue. He directly rejected a requested phone call, and subsequent contact attempts of any kind were unsuccessful.

Why was he not successful? The explanation likely also lies in his impatience. His onboarding process, meaning his introduction to all relevant processes and systems of the company, was far from complete. At that time, he only had access to simple programs like email and communication tools like Slack and Zoom.

Additionally, the security software reacted quickly: all access was blocked, and the activities were traced back to him. You can also read all about it in an FAQ from the company.

What happens next? The case has been handed over to the FBI, which is currently investigating. Furthermore, KnowBe4 has some tips for everyone who uses similar hiring procedures. They want to take action themselves and adjust their processes during hiring and beforehand.

  • Deliver laptops for new employees only to nearby stores, not to private addresses.
  • Request a photo ID.
  • Scan remote devices to ensure no one has access to them.
  • Ensure that employees are physically where they are supposed to be.
  • Put people in front of a video camera and ask them about their work.

The complete English list can be found in the company’s blog linked above if you’re interested.

You can read about a completely different kind of fraud, with unexpectedly draconian penalties imposed in Turkey, in another article. What a candidate for a university career attempted during a state examination will probably accompany him for a lifetime: his cheating attempt with a camera, phone, and AI failed, but the police were quite impressed.

Source(s): Xataka