Security News > 2024 > July > KnowBe4 mistakenly hires North Korean hacker, faces infostealer attack
American cybersecurity company KnowBe4 says a person it recently hired as a Principal Software Engineer turned out to be a North Korean state actor who attempted to install information-stealing malware on its devices.
Before hiring the threat actor, KnowBe4 performed background checks, verified the provided references, and conducted four video interviews to confirm that the candidate was a real person and that his face matched the one on his CV. However, it was later determined that the person had submitted a U.S. person's stolen identity to dodge the preliminary checks, and had also used AI tools to create a profile picture and match that face during the video conference calls.
A KnowBe4 spokesperson told BleepingComputer the malware was an infostealer targeting data stored on web browsers, and that the rogue employee was likely hoping to extract information left on the computer before it was commissioned to him.
"The attacker may [have used] this to find any credentials left over from previous browser sessions as a result of an IT department's initial provisioning process or to extract information leftover from an incomplete or improperly wiped laptop previously issued to a different employee," the KnowBe4 spokesperson told BleepingComputer.
To mitigate this risk, KnowBe4 suggests that firms maintain a sandbox for new hires that is isolated from the most critical parts of their network.