- A US cybersecurity firm hired a North Korean hacker who tried to contaminate the company’s systems with malware.
- The company is now scrambling to assess the full scope of the security breach and to prevent further harm.
OUR TAKE
This event is a stark reminder for businesses globally about the importance of stringent hiring practices and the need for constant vigilance against cyber threats. As details of the incident continue to emerge, the full impact and the lessons to be derived will become more apparent.
–Rebecca Xu, BTW reporter
What happened
US security vendor KnowBe4 unknowingly hired a North Korean hacker who tried to install malware on the company’s network. KnowBe4 CEO and founder Stu Sjouwerman detailed the incident in a recent blog post, emphasising the importance of vigilance in cybersecurity.
On July 15, a user experienced a series of suspicious activities on their account. KnowBe4’s SOC team promptly investigated the anomalies and collaborated with cybersecurity experts from Mandiant and the FBI to confirm their suspicions. The perpetrator was later revealed to be a fraudulent IT worker from North Korea. The assailant undertook a range of actions to manipulate session history files, transfer potentially harmful files, and run unauthorised software.
The hacker, who appeared as a legitimate new hire, infiltrated the company’s secure systems. The company posted a job advertisement, received resumes, conducted interviews, performed background checks, verified references, and hired this individual through the regular recruitment process. Despite the fact that the photo provided by the applicant to the HR department was fake, the person who attended the interview was strikingly similar to the photo and thus passed the interview.
Why it’s important
Although Sjouwerman emphasised that there was no unauthorised access, data loss, leak, or breach on the KnowBe4 system, concerns were raised among the public regarding the potential impact of malicious software dissemination on the security of the supplier’s customers.
“We are deeply troubled by these events, which underscore the ever-changing landscape of cybersecurity,” Sjouwerman said in a public statement. “We are working closely with authorities to ensure the integrity of our systems and the safety of our clients.”
The company is now scrambling to assess the full scope of the security breach and to prevent further harm. The cybersecurity sector is in a state of heightened alert following this incident, with a renewed emphasis on stringent vetting processes and internal security measures.






