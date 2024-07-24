Cybersecurity awareness training company KnowBe4 has revealed it was duped into hiring a fake IT worker from North Korea, resulting in attempted insider threat activity.

The malicious activity was identified and prevented before any illegal access was gained or any data was compromised on KnowBe4 systems.

In a blog published on July 23, 2024, KnowBe4 detailed the high level of sophistication used by North Korean attackers in creating a believable cover identity, capable of passing an extensive interview and background check.

The case demonstrates North Korea’s ongoing efforts to get fake workers employed in IT roles in Western companies, both as a means of generating revenue for the Democratic People’s Republic of Korea (DPRK) government and to conduct malicious cyber intrusions.

Stu Sjouwerman, Chief Executive Officer and President at KnowBe4, noted: “This is a well-organized, state-sponsored, large criminal ring with extensive resources. The case highlights the critical need for more robust vetting processes, continuous security monitoring, and improved coordination between HR, IT and security teams in protecting against advanced persistent threats.”

How a Fake Worker Gained Employment

KnowBe4 advertised for a software engineer role within its internal IT AI team and received a resume from an individual using a valid but stolen US-based identity. The picture provided on the application was AI ‘enhanced.’

Four video conference interviews were conducted on separate occasions, confirming the individual matched the photo provided on their application.

A background and other standard pre-hiring checks were carried out and passed due to the stolen identity being used.