A hacker from North Korea got a job at an American information security company as chief programmer, and the first thing he did was put a Trojan on his work PC

Carding Forum

An American cybersecurity company mistakenly hired a North Korean hacker as its chief software engineer. As soon as he received his corporate computer, he started downloading malware onto it.

Remote Engineer

The American cybersecurity company KnowBe4 mistakenly hired a hacker for the position of chief software engineer. KnowBe4 reported this in its blog.

The new engineer was to work remotely. All stages of selection and hiring also took place remotely.

Representatives of the company claim that they quickly exposed the attacker and avoided negative consequences: "No illegal access was obtained, and no data was lost, compromised or stolen from any KnowBe4 systems."

Not a single day of work

KnowBe4 noticed something suspicious when a malicious program started downloading onto the company computer. The Mac workstation had been sent to the new employee at the address he specified. As soon as it was received, malware immediately began downloading onto it.

The system detected a series of suspicious actions and notified the Security Operations Center (SOC). When these alerts were received, the KnowBe4 SOC team contacted the user to ask about the abnormal activity and its possible cause. He first said that he could not talk, and then stopped responding altogether.

According to the session history, the attacker manipulated various files and attempted to launch unauthorized software. He used a Raspberry Pi to download the malware.

How did the hacker qualify for the job?

The HR team conducted four video-conference interviews and confirmed that the person matched the photo provided in the application. As it turned out later, this photo had been altered with the help of AI.

On the left is the original stock photo, and on the right is an AI deepfake sent to the KnowBe4 HR department.

In addition, background checks and all other routine pre-employment checks, including reference checks, were conducted. No suspicions were raised because the applicant was using the stolen identity of a real person.

"The subject demonstrated a high level of skill in creating a plausible identity," the affected company said in its report on the incident. It says the subject belongs to a North Korean "well-organized, state-sponsored, large-scale criminal group with extensive resources."

Representatives of KnowBe4 explain how such groups work: "A fake employee asks to have his workstation sent to an address that is essentially an 'IT mule laptop farm'. They then connect via a VPN from where they are actually physically located (in North Korea or China) and work the night shift to make it seem like they are working during the day in the US. The scam is that they actually do the work, get well paid, and give most of it to North Korea to finance their illegal programs."
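The warning signs in this story (malware on a freshly shipped laptop, a blocked launch of unapproved software, an unexpected Raspberry Pi on the machine, and VPN logins at night relative to the claimed US work location) can be correlated automatically. The script below is an added example written for this post, not KnowBe4's own tooling: the event schema, field names, allow-list and timestamps are all constructed, and the thresholds (a seven-day new-hire window, 07:00 to 20:00 as normal local working hours) are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed telemetry for a newly shipped workstation. Device details, event
# types and timestamps are invented for this example, not taken from the incident.
ENROLLED_AT = "2024-07-15T06:30:00Z"      # laptop checked in to management for the first time
STATED_UTC_OFFSET_HOURS = -5               # the hire claims a US Eastern work location
SAMPLE_EVENTS = [
    {"ts": "2024-07-15T07:05:00Z", "type": "login",       "src": "vpn",    "detail": "first interactive login"},
    {"ts": "2024-07-15T07:08:00Z", "type": "usb_device",  "src": "local",  "detail": "Raspberry Pi Foundation"},
    {"ts": "2024-07-15T07:11:00Z", "type": "av_alert",    "src": "local",  "detail": "trojan downloaded to ~/Downloads"},
    {"ts": "2024-07-15T07:14:00Z", "type": "file_op",     "src": "local",  "detail": "shell history files modified"},
    {"ts": "2024-07-15T07:20:00Z", "type": "exec_blocked","src": "local",  "detail": "unapproved binary launch"},
    {"ts": "2024-07-15T14:30:00Z", "type": "login",       "src": "office", "detail": "routine login"},
]

# Assumed policy values: an allow-list of peripheral vendors, how long a
# device counts as "new", and which local hours are considered normal.
APPROVED_PERIPHERAL_VENDORS = {"Apple", "Logitech"}
NEW_HIRE_WINDOW = timedelta(days=7)
WORK_START, WORK_END = 7, 20


def _parse(ts):
    """Parse an ISO-8601 UTC timestamp ('...Z') into an aware datetime."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def _local_hour(ts, offset_hours):
    """Hour of day at the employee's stated location for a UTC timestamp."""
    return _parse(ts).astimezone(timezone(timedelta(hours=offset_hours))).hour


def triage(events, enrolled_at, stated_offset_hours):
    """Return (escalate, findings) for one workstation.

    findings is a list of (indicator, timestamp) pairs; escalate is True when
    two or more distinct indicator kinds fire, which is the point at which an
    analyst should contact the user, as the SOC did in the story.
    """
    enrolled = _parse(enrolled_at)
    findings = []
    for e in events:
        is_new_device = _parse(e["ts"]) - enrolled <= NEW_HIRE_WINDOW
        if e["type"] == "av_alert" and is_new_device:
            findings.append(("malware_on_new_device", e["ts"]))
        elif e["type"] == "exec_blocked":
            findings.append(("unauthorized_software", e["ts"]))
        elif e["type"] == "usb_device" and not any(
            vendor in e["detail"] for vendor in APPROVED_PERIPHERAL_VENDORS
        ):
            findings.append(("unknown_peripheral", e["ts"]))
        elif e["type"] == "login" and e.get("src") == "vpn":
            # A VPN login in the middle of the night at the stated location is
            # consistent with someone working from a distant time zone.
            hour = _local_hour(e["ts"], stated_offset_hours)
            if not (WORK_START <= hour < WORK_END):
                findings.append(("off_hours_vpn_login", e["ts"]))
    escalate = len({kind for kind, _ in findings}) >= 2
    return escalate, findings


if __name__ == "__main__":
    escalate, findings = triage(SAMPLE_EVENTS, ENROLLED_AT, STATED_UTC_OFFSET_HOURS)
    for kind, ts in findings:
        print(f"{ts}  {kind}")
    print("escalate to analyst:", escalate)
```

Any single indicator here has a benign explanation (a developer plugging in a hobby board, an antivirus false positive, one late login), which is why the script escalates only when several distinct kinds coincide on the same new-hire device; the decisive step remains a human contacting the user, exactly as the SOC did.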