KnowBe4 Unwittingly Hires North Korean Hacker as Software Engineer

Paige Henley, Editor
Published on: July 25, 2024

In a startling incident, KnowBe4, a US-based security training company, discovered it had mistakenly hired a North Korean hacker as a software engineer. The revelation came to light after the hacker’s newly issued company computer became infected with malware.

KnowBe4, known for developing security awareness programs to combat phishing attacks and other cyber threats, recently onboarded a remote software engineer who successfully passed the interview and background check process. However, last week, suspicions arose when the employee received a company-issued Mac, which immediately began loading malware.

“The moment it was received, it immediately started to load malware,” KnowBe4 detailed in a blog post on Tuesday.

The malware was detected by the Mac’s onboard security software. With the assistance of the FBI and Google’s security arm, Mandiant, KnowBe4’s investigation revealed that the supposed software engineer was, in fact, a North Korean hacker posing as an IT worker.

Fortunately, KnowBe4’s swift response contained the infected Mac before the hacker could compromise the company’s internal systems. Initially, the company’s IT team reached out to the employee, who claimed he was troubleshooting a speed issue by following steps on his router guide. In reality, the employee was manipulating session files and executing unauthorized software, including using a Raspberry Pi to load the malware.

When the security team attempted to call the employee, he “stated he was unavailable for a call and later became unresponsive.”

Further investigation revealed that KnowBe4 had shipped the work computer to an address linked to an “IT mule laptop farm,” which the hacker accessed via a VPN.

Although the breach was thwarted, the incident highlights the growing threat of North Korean hackers exploiting remote IT jobs to infiltrate US companies. This is not a new problem: in May, the US government warned that North Korean operatives had been using the identities of over 60 real US citizens to secure remote positions.

About the Author

Paige Henley is an editor at SafetyDetectives. She has three years of experience writing and editing various cybersecurity articles and blog posts about VPNs, antivirus software, and other data protection tools. As a freelancer, Paige enjoys working in a variety of content niches and is always expanding her knowledge base. When she isn't working as a "Safety Detective", she raises orphaned neonatal kittens, works on DIY projects around the house, and enjoys movie marathons on weekends with her husband and three cats.
