KnowBe4 recruited fake North Korean AI tech professional

KnowBe4 hired a fake IT worker as a software engineer on its artificial intelligence (AI) team. The security training firm KnowBe4 realized its oversight after the new hire began using his company-issued computer with wrongful intentions.

Also read: Credential theft is on the rise and the target is core cybersecurity administrators

The security training provider admitted to the hire in a post on Tuesday. The company’s CEO, Stu Sjouwerman, said that the company’s human resource team interviewed the candidate four times on video conference calls. 

The CEO said the company also confirmed that the same person appears in video interviews as in the picture attached to the job application.

KnowBe4’s new hire was using a fake US ID

Sjouwerman said his company conducted proper background checks before hiring the worker. When every detail was confirmed, the person was hired, and a Mac system was sent to him so that he could start working for the firm.

Sjouwerman said the problem started when the new employee received his workstation. He said, “We sent them their Mac workstation, and the moment it was received, it immediately started to load malware.”

Later, the company found that the culprit was using a stolen US ID and a stock photo, which he tweaked with AI to fake his identity. However, before the faker could steal any valuable information, KnowBe4’s malware detection software identified the malware that he uploaded.

Also read: North Korean hackers infiltrate crypto projects as employees

According to the CEO, a probe was initiated after the software detected the malware and informed their InfoSec Security Operations Center (SOC). 

When the company’s security operations team asked the new hire about the malware and if they could be of any help, things “got dodgy fast,” wrote the CEO. The fake employee replied that he was having some problems with his router and was troubleshooting some speed issues. He insisted that he was following his router guide, which may have caused the issue.

When the company tried to call the fake worker, they got no response from his side. KnowBe4 noted that the user took multiple steps to alter session history files, execute unauthorized software, and upload potentially harmful files to the company network.

North Korea promotes its citizens as tech workers to earn money

North Korea is known for promoting its citizens as tech workers to earn money from foreign companies, according to a report by The Register. Once employed, they find malware targets, which is a well-documented fact according to the publication.

After the company evaluated the attacker’s activities, it shared the information with the FBI for further investigation. The company’s own security team evaluated that the activities were carried out intentionally.

KnowBe4 said the attacker wasn’t successful in gaining any illegal access and wasn’t able to steal any data from the company’s systems. Sjouwerman suggested other firms can avoid such mishaps by utilizing monitoring devices for remote access. KnowBe4’s head also said that sophisticated VPN use and conflicting personal information should be considered warning signs. 

Sjouwerman said the real “scam is that they are actually doing the work, getting paid well, and giving a large amount to North Korea to fund their illegal programs.”