Priya Patel
TLDR:
- KnowBe4 hired a fake IT worker from North Korea who posed as a U.S.-based software engineer.
- The fake worker used stolen U.S. credentials, an AI-enhanced photo, and a seemingly thorough interview process to avoid detection.
In a blog post, security awareness training company KnowBe4 revealed that a remote worker hired as a software engineer turned out to be a persona controlled by a North Korean threat actor. The worker used stolen U.S. credentials and an AI-enhanced photo to pass through the interview process without being caught. However, suspicious activities detected by KnowBe4’s InfoSec Security Operations Center team led to the discovery of the fake worker’s true identity.
The company’s internal investigation found that the fake employee likely operated from North Korea or China, using a VPN to work during U.S. business hours. Although no illegal access or data loss occurred, the incident highlighted weaknesses in the hiring process and the need for more robust vetting processes to protect against advanced persistent threats.
KnowBe4’s Chief Information Security Officer, Brian Jack, stated that the company’s cybersecurity controls enabled the detection of the threat actor. Moving forward, they plan to enhance hiring processes for better identity validation and provide training on identifying red flags for similar threats.
