KnowBe4 mistakenly hires North Korean hacker, faces infostealer attack
2024-07-24 17:30

American cybersecurity company KnowBe4 says a person it recently hired as a Principal Software Engineer turned out to be a North Korean state actor who attempted to install information-stealing malware on its devices.

Before hiring the threat actor, KnowBe4 performed background checks, verified the provided references, and conducted four video interviews to ensure they were a real person and that their face matched the one on their CV. However, it was later determined that the person had submitted a U.S. person's stolen identity to dodge the preliminary checks, and also used AI tools to create a profile picture and match that face during the video conference calls.

A KnowBe4 spokesperson told BleepingComputer the malware was an infostealer targeting data stored on web browsers, and that the rogue employee was likely hoping to extract information left on the computer before it was commissioned to him.

"The attacker may [have used] this to find any credentials left over from previous browser sessions as a result of an IT department's initial provisioning process or to extract information leftover from an incomplete or improperly wiped laptop previously issued to a different employee," the KnowBe4 spokesperson told BleepingComputer.

To mitigate this risk, KnowBe4 suggests that firms maintain a sandbox for new hires that is isolated from the most critical parts of their network.


News URL

https://www.bleepingcomputer.com/news/security/knowbe4-mistakenly-hires-north-korean-hacker-faces-infostealer-attack/