A U.S. Security Company Thought It Had Hired an Engineer. It Was a North Korean Cybercriminal

  • The company only discovered it had hired a hacker after a hiring process that had raised no red flags.

  • The cybercriminal stopped responding once the company questioned him about suspicious activity on his company-issued laptop.

Karen Alfaro

Writer

Communications professional with a decade of experience as a copywriter, proofreader, and editor. As a travel and science journalist, I've collaborated with several print and digital outlets around the world. I'm passionate about culture, music, food, history, and innovative technologies.

The world of work has changed a lot in recent years, with many people working remotely. This arrangement often benefits employees and employers alike: when people can work from anywhere, companies save on costs and can recruit from a much wider pool.

However, remote hiring can also be abused. A U.S. security company recently learned this the hard way. KnowBe4 set out to hire a software engineer and instead employed a North Korean cybercriminal operating under a stolen identity. The company only discovered the hacker when he tried to compromise the laptop it had issued him.

A Fake Worker at a Security Company

KnowBe4, whose products include simulated phishing tests for corporate clients, says in its blog that the cybercriminal did not access or steal any of its data. It is sharing what happened as a lesson for other organizations. “If it can happen to us, it can happen to almost anyone. Don’t let it happen to you,” adds the company, which is led by Stu Sjouwerman.

KnowBe4 says it all started with a standard hiring process. It posted the job opening, received several resumes, and interviewed candidates. The hacker, identified only as “XXXX” in the company’s blog, took part in four separate video conference interviews and met all of the hiring criteria.

There were no problems with the background check, and the photo on his resume matched the face that appeared in the preliminary interviews. After he passed every stage of the process, the company hired XXXX. To get him started, KnowBe4 shipped him a Mac workstation, as it does for all new hires. Shortly after the machine was delivered, the company detected suspicious activity on it.

A member of KnowBe4’s security team then contacted the new employee to ask what might have caused the alerts. The fake employee replied that he had been troubleshooting a router issue and that this had probably triggered the alarms.

In reality, the new hire was tampering with the company-issued laptop and attempting to load malware onto it, using a Raspberry Pi. XXXX declined further contact with the team and then stopped responding altogether. The FBI and cybersecurity experts at Mandiant are now investigating the case. They have established that the cybercriminal used a stolen identity throughout the hiring process.

Investigators also believe that the hacker digitally manipulated the photograph he submitted, and that the address the company shipped the laptop to was in effect an “IT mule laptop farm”: a location where company devices are kept powered on inside the U.S. so that operatives abroad can connect to them remotely. XXXX would never have been in the U.S. at all, but would have been connecting to the machine from North Korea. Sjouwerman explains that the company’s security was not compromised because new employees are given only limited access to its systems until they have been fully onboarded, so there was little the attacker could reach in the time before the activity was detected.

This article was written by Javier Márquez and originally published in Spanish on Xataka.

Images | Xataka On with Bing Image Creator | Kjpargeter
