FBI investigates

KnowBe4 accidentally hired North Korean hacker

KnowBe4
Image source: rafapress /Shutterstock.com

The US security company KnowBe4 has revealed on its blog that it unknowingly hired a North Korean hacker. Company founder and CEO Stu Sjouwerman describes the incident as a “lesson”.

The hacker applied for a job as a software engineer in the company’s AI team using a stolen US identity. Despite several video interviews and extensive background checks, the fraudster managed to get through the hiring process. He used an artificial intelligence “enhanced” photo that was convincing enough to fool the HR department.

Ad
Screenshot 2024 07 29 at 14 53 33 How a North Korean Fake IT Worker Tried to Infiltrate Us
On the left is the original picture. On the right is the AI fake that was submitted to HR. Image source KnowBe4

Quick reaction prevents major damage

As soon as the alleged employee received his work computer, he began installing malware. Fortunately, KnowBe4’s security team responded promptly to the suspicious activity. “No illegal access was gained and no data was compromised or exfiltrated,” emphasized Sjouwerman.

According to Sjouwerman, these “fake IT employees” often work from North Korea or China, use VPNs and work at night to fake American working hours. Part of their salary then flows into North Korea’s illegal programs.

The incident at KnowBe4, a company that itself specializes in security training and phishing tests, shows the need for increased vigilance in recruitment processes. “If it can happen to us, it can happen to almost anyone,” warns Sjouwerman.

Ad

The FBI has now launched an investigation. KnowBe4 is working closely with the authorities and security experts such as Mandiant to fully investigate the case.

Ad

Weitere Artikel