A Security Firm has Discovered that a Remote Employee is a North Korean Hacker
The worker’s company-issued iMac started downloading malware, prompting security awareness company KnowBe4 to suspect that something was wrong.
An employee's newly issued computer at a security training organization in the United States became infected with malware, which led to the discovery that the company had mistakenly hired a North Korean hacker to work as a software engineer.
The event took place at KnowBe4, a company that creates security awareness programs to educate employees about phishing attempts and other cyber threats. The organization had recently hired a remote software engineer who passed its interview and background check process. The previous week, however, KnowBe4 discovered something peculiar after mailing the employee a company-provided Mac.
In a blog post published on Tuesday, KnowBe4 stated, “The moment it was received, it immediately started to load malware.”
The organization identified the malicious software using the Mac's built-in security software. An investigation conducted with the assistance of the Federal Bureau of Investigation and Mandiant, Google's security division, determined that the newly hired software engineer was in fact a North Korean who was pretending to be an IT professional.
Fortunately, the business was able to remotely contain the Mac before the hacker could use the computer to breach KnowBe4’s internal systems. When the malware was first discovered, the organization's IT staff reached out to the employee, who stated that “he was following steps on his router guide to troubleshoot a speed issue.”
In actuality, however, KnowBe4 was able to capture the hired worker modifying session files and executing unauthorized software. This included the use of a Raspberry Pi to load the malware.
In response, the security team at KnowBe4 attempted to contact the software engineer who had been hired, but the individual “often stated that he was unavailable for a call and later became unresponsive.”
KnowBe4 claims that it sent the work machine “to an address that is basically an ‘IT mule laptop farm’,” which the North Korean then accessed using a virtual private network (VPN).
Even though KnowBe4 was successful in preventing the intrusion, the incident nonetheless highlights that North Korean hackers are using remote IT employment to attack firms in the United States. In May, the United States warned that a group of North Koreans had been using identities belonging to over sixty real people in the United States to help them secure remote jobs.
In addition to giving North Korea’s hackers a means to acquire personal information and pave the way for additional attacks, the remote jobs enable North Korea to generate revenue for its unlawful initiatives. In KnowBe4's case, the fake software engineer used an AI-edited version of a stock image to help pass the company's interview process.
According to KnowBe4’s additional statement, “This case highlights the critical need for more robust vetting processes, continuous security monitoring, and improved coordination between HR, IT, and security teams in order to protect against advanced persistent threats.”
To prevent a repeat, KnowBe4 is recommending that its peers in the sector consider interviewing potential employees via video conference to verify that they are genuine. An additional piece of advice is to investigate the candidate's references beyond simply sending them an email.
On July 24, KnowBe4 provided additional information on how the North Korean hacker was able to pass the hiring process, which included video interviews.
Left is the original stock picture. Right is the AI deepfake submitted to KnowBe4’s Human Resources department. (Credit: KnowBe4)
“Our HR team conducted four video conference-based interviews on separate occasions, confirming the individual matched the photo provided on their application,” the business stated in its announcement. “In addition, a background check as well as all of the other routine pre-employment checks were carried out, and the results came back negative due to the fact that the criminal identity was being used. A real person was utilizing a legitimate but stolen identity that was based in the United States. The image was ‘enhanced’ by artificial intelligence.”
About The Author:
Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blogs, he also writes for brands including Craw Security, Bytecode Security, and NASSCOM.