In 2024, it is no longer unusual for companies to hire people without first getting to know them personally. However, a recent case from the USA shows that this can also cause serious problems.
Which company is it? It is the IT security company KnowBe4. In a blog entry, it describes the current case of a man from North Korea who successfully infiltrated the company by posing as a software engineer.
- Infiltration without serious consequences: KnowBe4 emphasizes that there was no successful illegal access, data loss or similar problem during the shutdown.
- How this hiring came about: The person from North Korea managed to pass both checks on his supposed career and four video interviews without being caught, partly through identity theft and an AI-edited application photo.
- What happened after the hiring: The cybercriminal attempted, among other things, to execute malicious files and launch unauthorized software. As stated in the company's FAQ on the case, the attempts were registered by internal security systems and all access was blocked within minutes.
A crucial factor that prevented greater damage: The hiring process was not yet complete. Therefore, the new employee had very limited access to simple software such as an email account and communication tools such as Slack and Zoom.
This is how the man proceeded
The decisive basis for the hiring is the convincing identity of a US citizen, which was stolen beforehand.
- AI helps with the fake:
- Did the state also help? KnowBe4 also suspects that the "skilled North Korean IT staff" did not act alone, but with the help of a "state-supported criminal infrastructure".
The US company describes the concrete further procedure as follows:
It works like this: the fake employee asks for his laptop workstation to be sent to an address that is basically an "IT mule laptop farm".
They then log in via VPN from their actual location (North Korea or China) and work the night shift, making it look like they are working in the US during the day.
When the suspicious activities were noticed, the company contacted the new employee.
He declined the company’s subsequent request for a call because he was not available by phone at the time. Further attempts to contact him ultimately went completely unanswered.
We learn from mistakes (hopefully)
KnowBe4 clearly states that the company needs to optimize its own hiring processes. But the blog post is also intended as a warning to other companies, as the following quote makes clear:
See it as an organizational learning moment […]. If it can happen to us, it can happen to almost anyone.
Two of the optimizations that KnowBe4 has already made:
- Laptops for new employees will only be delivered to a nearby UPS store.
- A photo ID is required.
You can find numerous other tips from the company to prevent this from happening on the second page of this article.
KnowBe4 has also reported the case to the FBI, which is now investigating it further.