
Local cybersecurity firm: We hired a North Korean hacker

Mark Parker


On the left is a stock photo. A North Korean hacker posing as a remote worker used artificial intelligence to transform it into the picture he used on the right. Screengrab, KnowBe4.

Clearwater-based KnowBe4 recently announced that the global cybersecurity firm unwittingly hired a “fake IT worker from North Korea” who immediately attempted to download malware.

A July 23 announcement detailed how a suspected “Insider Threat/Nation State Actor” completed KnowBe4’s hiring process using a stolen, U.S.-based identity. Founder and CEO Stu Sjouwerman published a subsequent blog post July 27 due to “uneven” press coverage.

Sjouwerman stressed that hackers did not breach company data. The company’s security features detected and blocked the malware.

“Do we have egg on our face? Yes,” wrote Sjouwerman. “And I am sharing that lesson with you. It’s why I started KnowBe4 in 2010. In 2024, our mission is more important than ever.”

The U.S. Justice Department shared that lesson in May. Federal authorities announced they were prosecuting an Arizona woman, a Ukrainian man and three unidentified foreign nationals for allegedly facilitating an elaborate, North Korea-based plot to place overseas information technology (IT) workers into remote positions with American companies.

The scheme was successful. Unsealed court documents showed that thousands of skilled IT employees used stolen or borrowed U.S. identities to defraud over 300 domestic companies and raise money for North Korea.

Nicole M. Argentieri, principal deputy assistant attorney general, called the charges a “wakeup call for American companies and government agencies that employ remote IT workers” in a prepared statement.

KnowBe4, which touts its ability to conquer human error, was duped two months later. According to the company’s website, it offers the “world’s most popular integrated platform” for security training and simulated phishing attacks.

“We could have kept quiet while wiping the egg off our face,” Sjouwerman wrote. “However, our mission is to make the world aware of cybercrime.”

The saga began with KnowBe4 seeking a software engineer for its internal artificial intelligence (AI) team. The fraudulent jobseeker used that technology against the firm.

The unnamed suspect, now at the center of a federal investigation, was an actual person who used an AI-enhanced picture. He also completed four virtual interviews that confirmed the imposter matched the application photo.

KnowBe4 hired the North Korean national after his stolen identity passed multiple background checks. He received a laptop with preinstalled work-related applications.

Sjouwerman explained that the fake workers ask companies to send their workstations to an “IT mule laptop farm” in the U.S. They log in remotely from their physical location – North Korea or just across the Chinese border.

Stu Sjouwerman, founder and CEO of KnowBe4.

KnowBe4’s briefly employed hacker quickly began manipulating session history files, transferring potentially harmful data and executing unauthorized software. The firm’s security protocols detected the nefarious actions and notified related personnel, who called the new hire and asked if he needed assistance.

“That’s when it got dodgy, fast,” Sjouwerman wrote. The employee stated he was unavailable and became unresponsive. The company’s security team quarantined his device about 25 minutes after detecting suspicious activities.

“We shared the collected data with our friends at Mandiant, a leading global cybersecurity expert, and the FBI to corroborate our initial findings,” Sjouwerman said. “The scam is that they are actually doing the work, getting paid well and give a large amount to North Korea to fund their illegal programs.

“I don’t have to tell you about the severe risk of this.”

Federal officials detailed the national security implications in their May announcement. “On the surface, today’s allegations of wire fraud, identity theft and money laundering may read like a typical white collar or economic crime scheme,” said Kevin Vorndran, assistant director of the FBI’s Counterintelligence Division. “But what these allegations truly represent is a new high-tech campaign to evade U.S. sanctions, victimize U.S. businesses and steal U.S. identities.”

In his July 27 blog post, Sjouwerman noted that the hacker never accessed customer data, private networks, cloud infrastructure or confidential information. He added that new hires do not receive additional access until after the onboarding process, which the suspect did not complete.

Sjouwerman stated that KnowBe4 has implemented several changes to its hiring process to help prevent similar incidents in the future. For example, the company will only ship employee workstations to a nearby UPS store, and recipients must show a picture ID.

“If something like this can happen to us, it can happen to almost anyone,” Sjouwerman wrote. “The intent was to share an organizational learning moment so you can make sure this does not happen to you.”
