US Cybersecurity Firm Accidentally Hires North Korean Hacker

In a surprising turn of events, the US security vendor KnowBe4 recently discovered they had inadvertently hired a North Korean hacker. The hacker managed to infiltrate the company using an AI-enhanced image and a stolen identity, but fortunately, no data was compromised. Here’s a look at how this incident unfolded and what measures can be taken to prevent similar occurrences in the future.

The Incident Unfolds

The hacker applied for a job at KnowBe4, going through all the standard hiring processes. They submitted a resume, attended four video interviews, passed background checks, and provided references. Once hired and sent a Mac workstation, the hacker attempted to install malware on the company’s systems.

However, the hacker's efforts were thwarted before any damage could be done. KnowBe4’s CEO and founder, Stu Sjouwerman, confirmed, “No data was lost, compromised, or exfiltrated on any KnowBe4 systems.” The incident is currently under FBI investigation, though it remains unclear if the hacker was officially linked to the North Korean government.


How the Hacker Passed the Background Checks

The hacker used a valid but stolen US identity along with an AI-enhanced image that matched their own face. This combination allowed them to bypass all the company’s pre-hiring checks. The image, a modified version of a stock photo, eventually raised suspicion and was flagged by KnowBe4’s InfoSec Security Operations Center. The company then brought in cybersecurity firm Mandiant and contacted the FBI.

Tips for Preventing Similar Incidents

Stu Sjouwerman shared insights and advice for other businesses to avoid such incidents:

  • Scan remote devices to ensure there is no unauthorized access to them.
  • Improve vetting processes, focusing on verifying the physical presence of employees.
  • Enhance resume scanning procedures.
  • Conduct video interviews and verify previous work experience.
  • Verify shipping addresses to ensure they match the new employee’s claimed residence.
  • Be vigilant for any attempts to execute malware.


KnowBe4’s Public Response

Unlike many companies that might try to keep such incidents under wraps, KnowBe4 chose to handle the situation openly. They announced the breach in a blog post and followed up with an FAQ page detailing the incident. Sjouwerman candidly acknowledged, “Do we have egg on our face? Yes. And I am sharing that lesson with you. It’s why I started KnowBe4 in 2010. In 2024, our mission is more important than ever.”

By being transparent, KnowBe4 aimed to highlight the challenges of maintaining security in an era where stolen data is widely available online. The incident underscores the importance of vigilance, even for cybersecurity firms, in an increasingly complex digital landscape.