How a North Korean Fake IT Worker Tried to Infiltrate Us

2024-07-23, KnowBe4
https://blog.knowbe4.com/how-a-north-korean-fake-it-worker-tried-to-infiltrate-us
#ITWorker

Contents

Incident Report Summary: Insider Threat
Disclaimer: No access was gained or compromised on KnowBe4 systems.
TLDR: KnowBe4 needed a software engineer for our internal IT AI team. We posted the job, received resumes, conducted interviews, performed background checks, verified references, and hired the person. We sent them their Mac workstation, and the moment it was received, it immediately started to load malware.
The EDR software detected it and alerted our InfoSec Security Operations Center. The SOC called the new hire and asked if they could help. That's when it got dodgy fast. We shared the collected data with Mandiant, a leading global cybersecurity expert, and the FBI, to corroborate our initial findings. It turns out this was a fake IT worker from North Korea. The picture you see is an AI deepfake that started out with stock photography (below).
SUMMARY: This report covers the investigation of Employee ID: XXXX hired as a Principal Software Engineer. …