Security News > 2024 > July > KnowBe4 mistakenly hires North Korean hacker, faces infostealer attack

American cybersecurity company KnowBe4 says a person it recently hired as a Principal Software Engineer turned out to be a North Korean state actor who attempted to install information-stealing on its devices.
Before hiring the threat actor, KnowBe4 performed background checks, verified the provided references, and conducted four video interviews to ensure they were a real person and that his face matched the one on his CV. However, it was later determined that the person had submitted a U.S. person's stolen identity to dodge the preliminary checks, and also used AI tools to create a profile picture and match that face during the video conference calls.
A KnowBe4 spokesperson told BleepingComputer the malware was an infostealer targeting data stored on web browsers, and that the rogue employee was likely hoping to extract information left on the computer before it was commissioned to him.
"The attacker may [have used] this to find any credentials left over from previous browser sessions as a result of an IT department's initial provisioning process or to extract information leftover from an incomplete or improperly wiped laptop previously issued to a different employee." the KnowBe4 spokesperson told BleepingComputer.
To mitigate this risk, KnowBe4 suggests that firms maintain a sandbox for new hires isolated from their most critical network parts.
Fake CrowdStrike repair manual pushes new infostealer malware.
News URL
Related news
- Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers (source)
- North Korean hackers adopt ClickFix attacks to target crypto firms (source)
- Hacker pleads guilty to SIM swap attack on US SEC X account (source)
- North Korean Hackers Exploit PowerShell Trick to Hijack Devices in New Cyberattack (source)
- North Korean hackers spotted using ClickFix tactic to deliver malware (source)
- whoAMI attacks give hackers code execution on Amazon EC2 instances (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks (source)
- North Korean Hackers Target Freelance Developers in Job Scam to Deploy Malware (source)
- North Korean hackers linked to $1.5 billion ByBit crypto heist (source)