North Korean workers infiltrate cyber industry

Illustration: Annelise Capossela/Axios
KnowBe4, a well-regarded security training company, is the latest to fall victim to a long-running North Korean IT worker scam.
Why it matters: Even the companies designed to fend off these threats haven't figured out a way to avoid them.
The big picture: North Korean workers have gotten scary good at gaming U.S. hiring practices to score coveted remote jobs to make money for the regime and to collect U.S. company secrets.
- Many of these job candidates tap AI tools to obfuscate their voices or change their images during calls so they go undetected.
- U.S. companies are barred from hiring people in North Korea due to strict sanctions.
Zoom in: KnowBe4 CEO Stu Sjouwerman wrote in a blog post Wednesday that the company recently discovered and fired an employee who was one of these North Korean IT workers.
- KnowBe4 had conducted four video conference interviews, run a background check, and even confirmed the person matched the photo provided on his application before hiring him.
- But the candidate had stolen a U.S.-based identity and used AI tools to enhance a stock image to bypass an ID check, Sjouwerman said.
What happened: Last Monday, KnowBe4's security team detected a "series of suspicious activities" coming from the new employee's laptop.
- Upon further review, the company realized that the new employee had been trying to transfer "potentially harmful files" and "execute unauthorized software."
- 25 minutes later, and after the new employee had failed to hop on a phone call with the IT team, KnowBe4 walled off his device.
- The employee wasn't able to illegally access any of KnowBe4's systems and no data was lost, stolen or compromised, Sjouwerman wrote.
- However, the employee did try to load infostealer malware onto his machine. Sjouwerman said the company isn't quite sure why.
What they're saying: "We could have kept quiet while wiping the egg off our face," Sjouwerman wrote in a follow-up post Thursday. "However, our mission is to make the world aware of cyber crime."
- "If something like this can happen to us, it can happen to almost anyone," he added.
- Sjouwerman said he could share only limited details because the FBI is actively investigating the matter.
Threat level: Insider threats have become a bigger issue as American AI companies continue to dominate the industry.
The bottom line: KnowBe4 recommended that other companies employ tough job candidate vetting, conduct all remote job interviews with cameras on, and only ship laptops to the address where the candidate lives.
- KnowBe4 will also start shipping new employee laptops to a nearby UPS shop and require employees to provide a picture ID to obtain them.
Editor's note: This story was corrected to say that KnowBe4 contained the hacker's device 25 minutes (not several hours) after they suspected suspicious activity.
