AI, VPN and Raspberry Pi: the arsenal of a modern cyber spy from North Korea

Carding Forum

How did artificial intelligence help an attacker create the perfect cover?

KnowBe4, a cybersecurity company, disclosed an attempt to infiltrate its IT systems through a fake employee working for North Korea. None of the company's data was compromised, thanks to prompt action by its information security team, but the case is still well worth examining.

The company was looking for a software engineer for the AI development team. Job advertisements were posted, interviews were conducted, and candidate reviews were performed. The new employee went through all the standard procedures, including video interviews and background checks, and therefore did not arouse suspicion in the company.

However, the identity this person used to get the job was stolen. As soon as the work laptop was shipped to the new employee, malicious activity was detected on the device: the endpoint detection and response (EDR) software flagged suspicious activity and alerted the security operations center (SOC).

The SOC promptly contacted the new employee, but his responses only raised more suspicion. The incident was then referred to Mandiant and the FBI for investigation. It turned out that the man was a North Korean operative. The photo submitted with the application had been generated with AI from a stock image.

Further investigation showed that the suspicious employee had taken actions aimed at compromising the system: manipulating session files, downloading malware using a Raspberry Pi, and using a VPN to hide his location.

This case demonstrates how well organized these attackers are and how advanced the resources at their disposal have become. They use fake identities, VPNs and virtual machines to gain access to company systems while maintaining the appearance of legitimate work.

KnowBe4 has developed a number of recommendations to prevent similar incidents in the future. Any other organization can readily adopt them:
  • Regularly scan remote devices.
  • Improve verification of resumes and candidate data.
  • Hold video calls with potential employees.
  • Strengthen access control and authentication.
  • Raise employees' awareness of social engineering techniques.

It is important to watch for the use of VoIP numbers, the absence of a digital footprint, any inconsistencies in personal data, and attempts to install malware. Timely and more thorough checks will help keep intruders out of the system.
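As an added illustration of how a SOC might correlate those signals during onboarding (example code written for this post, not KnowBe4's or Mandiant's tooling), the script below checks a new hire's first remote sessions against the laptop's shipping record and the candidate's contact number type. The session events, the VPN egress ranges and the key=value event format are all constructed for the example; a real deployment would take the ranges from a threat-intel feed and the events from its EDR or VPN gateway.

```python
"""Triage a new hire's first remote sessions against onboarding records.

Added example, not any vendor's tooling. It correlates three constructed
inputs: the HR shipping record, the candidate's contact number type, and
key=value session events of the kind an EDR or VPN gateway emits. It raises
the signals discussed above: VPN egress, session location that does not match
the shipping address, a VoIP contact number, and new peripherals on the laptop.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed: egress ranges the SOC has tagged as commercial VPN exits
# (documentation ranges used here; load these from a threat-intel feed in practice).
KNOWN_VPN_RANGES = [ip_network("203.0.113.0/24"), ip_network("198.51.100.0/25")]

# Constructed session events in an assumed key=value format. The 'usb' field
# carries a vendor label for any newly attached USB device (empty if none).
SAMPLE_EVENTS = """\
ts=2024-07-15T09:02:11Z user=jdoe device=LT-0417 src=192.0.2.44 geo=US usb=
ts=2024-07-15T09:40:03Z user=jdoe device=LT-0417 src=203.0.113.77 geo=US usb=RaspberryPi
ts=2024-07-15T10:05:59Z user=jdoe device=LT-0417 src=198.51.100.9 geo=CN usb=
ts=2024-07-15T10:30:00Z user=asmith device=LT-0418 src=192.0.2.45 geo=US usb=
"""


@dataclass(frozen=True)
class Hire:
    user: str
    shipped_to_country: str   # country the work laptop was shipped to
    phone_is_voip: bool       # contact number resolved to a VoIP carrier


def parse_events(text: str) -> list[dict]:
    """Parse key=value event lines; blank lines are skipped, 'usb' may be empty."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        events.append(dict(tok.split("=", 1) for tok in line.split()))
    return events


def is_vpn_egress(ip: str) -> bool:
    """True if the source address falls in a tagged VPN/proxy egress range."""
    addr = ip_address(ip)
    return any(addr in net for net in KNOWN_VPN_RANGES)


def triage(hire: Hire, events: list[dict]) -> list[str]:
    """Return findings for one hire; an empty list means nothing stood out."""
    findings = []
    if hire.phone_is_voip:
        findings.append("voip_contact_number")
    for ev in events:
        if ev.get("user") != hire.user:
            continue
        dev, src, geo = ev["device"], ev["src"], ev["geo"]
        if is_vpn_egress(src):
            findings.append(f"vpn_egress {dev} {src}")
        if geo != hire.shipped_to_country:
            findings.append(f"geo_mismatch {dev} session={geo} shipped={hire.shipped_to_country}")
        if ev.get("usb"):
            findings.append(f"new_peripheral {dev} {ev['usb']}")
    return findings


if __name__ == "__main__":
    hire = Hire("jdoe", "US", phone_is_voip=True)
    for finding in triage(hire, parse_events(SAMPLE_EVENTS)):
        print(finding)
```

Each finding on its own is weak evidence (plenty of legitimate staff use VPNs or plug in hardware), which is why the script reports them together per device rather than deciding anything itself: a freshly shipped laptop that shows a VoIP contact, VPN egress, a session from another country and a new USB device within its first hour is what should page the SOC.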

Source