Security firm KnowBe4 discovers that it hired a North Korean hacker by mistake


Following an investigation that was assisted by the FBI and Google’s security division, Mandiant, it was determined that the recruited software engineer was, in fact, a North Korean impersonating an IT professional. 

After a new employee’s company-issued computer became infected with malware, a US security training company found that it had mistakenly hired a North Korean hacker as a software engineer.

The incident occurred at KnowBe4, a company that creates security awareness programs to educate staff members about phishing scams and online hazards. Following a successful background check and interview, the organization had recently hired a remote software engineer. But last week, after providing the worker with a company-issued Mac, KnowBe4 discovered something unusual.

“The moment it was received, it immediately started to load malware,” KnowBe4 wrote in a blog post on Tuesday.

The Mac’s built-in security software helped the company find the infection. Following an investigation that was assisted by the FBI and Google’s security division, Mandiant, it was determined that the recruited software engineer was, in fact, a North Korean posing as an IT professional.

Luckily, the hacker was unable to penetrate KnowBe4’s internal systems using the Mac because the business remotely contained it. When the malware was first detected, the company’s IT team reached out to the employee, who claimed “that he was following steps on his router guide to troubleshoot a speed issue.” However, KnowBe4 was able to catch the hired worker manipulating session files and running unapproved software, which included loading the malware onto a Raspberry Pi.

In response, KnowBe4’s security team tried to call the hired software engineer, but he “stated he was unavailable for a call and later became unresponsive.”

KnowBe4 says it shipped the work computer “to an address that is basically an ‘IT mule laptop farm,’” which the North Korean then accessed via VPN.

Even though KnowBe4 was able to stop the hack, the incident shows how North Korean hackers are using remote IT jobs as a means of breaking into US organizations. In May, the US issued a warning alleging that a subset of North Koreans had been obtaining remote employment by posing as more than sixty actual US citizens.

In addition to giving North Korean hackers a means of stealing sensitive data and opening the door for more attacks, remote work can help fund the country’s illicit activities. To get past the company’s interview procedure in the KnowBe4 case, the fake software developer used an AI-edited version of a stock image.

“This case highlights the critical need for more robust vetting processes, continuous security monitoring, and improved coordination between HR, IT, and security teams in protecting against advanced persistent threats,” KnowBe4 added.

To avoid a repeat of the situation, KnowBe4 recommends that its industry peers consider video-calling potential hires to make sure they are genuine. Another piece of advice is to verify the candidate’s references in addition to emailing them.

About us:

CIO News is the premier platform dedicated to delivering the latest news, updates, and insights from the CIO industry. As a trusted source in the technology and IT sector, we provide a comprehensive resource for executives and professionals seeking to stay informed and ahead of the curve. With a focus on cutting-edge developments and trends, CIO News serves as your go-to destination for staying abreast of the rapidly evolving landscape of technology and IT. Founded in June 2020, CIO News has rapidly evolved with ambitious growth plans to expand globally, targeting markets in the Middle East & Africa, ASEAN, USA, and the UK.

CIO News is a property of Mercadeo Multiventures Pvt Ltd.