KnowBe4 mistakenly hires DPRK hacker.

American cybersecurity company KnowBe4 has revealed a recent security breach in which a person hired as a Principal Software Engineer turned out to be a North Korean state actor attempting to install information-stealing malware on its devices. The company thwarted the malicious actions, averting a data breach. However, the incident underscores the persistent threat posed by North Korean actors masquerading as IT personnel, as repeatedly warned by the FBI since 2023.

KnowBe4, a specialist in security awareness training and phishing simulations, disclosed that the threat actor had used stolen identity information and AI tools to make it past initial background checks and video interviews. The company suspected illicit activity when its EDR product flagged attempted malware installation from a Mac workstation assigned to the new hire.

According to a KnowBe4 spokesperson, the infostealer targeted data stored on web browsers, with the rogue employee likely trying to extract sensitive information left on the computer before its commissioning. The state actor initially offered excuses when confronted but eventually ceased communication.

To mitigate such risks, KnowBe4 advocates maintaining a sandbox for new hires, isolated from critical parts of the network, and avoiding remote use of new hires' external devices. The company also suggests verifying shipping addresses consistently and treating inconsistencies as a red flag for potential security threats.

Original story: https://www.bleepingcomputer.com/news/security/knowbe4-mistakenly-hires-north-korean-hacker-faces-infostealer-attack/