KnowBe4, a cybersecurity company, recently thwarted an attempt by a fake employee believed to be acting on behalf of North Korea to gain a foothold on its IT systems. Thanks to the prompt action of its security operations team, the company prevented any harm; nonetheless, the incident is a warning to every organization that hires remotely.
The company had been recruiting a software engineer for its AI team: it posted the opening, conducted interviews and vetted candidates. The individual in question passed every standard check, including video interviews and questionnaire reviews, and gave no cause for suspicion.
It later emerged that the applicant had used the stolen identity of a real person to deceive the company. As soon as the new hire received a work laptop, the Endpoint Detection and Response (EDR) agent on it flagged suspicious activity and alerted the Security Operations Center (SOC).
The investigation showed that the new employee, subsequently identified as an operative believed to be working for North Korea, had manipulated session history files, attempted to deploy malware via a Raspberry Pi, and used VPNs to mask their true location.
The incident illustrates the sophistication and resources behind such operations. Using stolen or fabricated identities, VPNs and virtual machines, these adversaries seek to obtain legitimate-looking access to corporate systems under the cover of employment.
In response, KnowBe4 has published several recommendations, which other organizations can also adopt:
Regular scanning of remote devices.
Enhanced screening checks and validation of candidate data.
Conducting video interviews with potential employees.
Strengthening access controls and authentication measures.
Increasing employee awareness of social engineering tactics.
Organizations should stay alert to warning signs such as the use of VoIP phone numbers, the absence of a digital footprint, inconsistencies in personal information, and attempts to install unapproved or malicious software. More rigorous and timely checks, both before hiring and during onboarding, improve the odds of catching an infiltration attempt before it does damage.
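The detection side of this story is the correlation of onboarding metadata (where the new hire says they are, when they started) with what the laptop's EDR agent reports in the first days. The following Python is an added example, not KnowBe4's code or telemetry: it runs a few rules over constructed endpoint events for a fictitious new hire and scores whether the SOC should escalate. The hire record, IP intelligence table, event records and rule thresholds are all assumptions made up for the illustration; a real deployment would take them from HR, a GeoIP/ASN service and the EDR export.

```python
"""
Added example: correlate onboarding metadata with first-week endpoint telemetry
from a new hire's laptop. Every record, IP and threshold below is constructed
for illustration and is not data from any real incident.
"""
from datetime import datetime, timedelta, timezone
from typing import Dict, List

# Onboarding record as HR/IT would hold it (constructed).
NEW_HIRE = {
    "user": "jdoe",
    "declared_country": "US",
    "declared_tz_offset_hours": -5,   # Eastern time, as stated on the application
    "start_date": "2024-07-15",
}

# Stand-in for a GeoIP/ASN lookup; a real deployment would query a service.
IP_INTEL = {
    "203.0.113.7":  {"country": "US", "vpn": True},    # commercial VPN exit (constructed)
    "198.51.100.5": {"country": "US", "vpn": False},   # residential ISP (constructed)
}

# OUI prefixes registered to the Raspberry Pi Foundation / Raspberry Pi Trading
# in the IEEE list. Treat a match as a hint, not proof, and refresh from the registry.
RPI_OUIS = ("B8:27:EB", "DC:A6:32", "E4:5F:01")

# Commands that erase or disable shell session history.
HISTORY_TAMPER = ("history -c", "unset HISTFILE", "HISTFILE=/dev/null",
                  "Clear-History", "rm -f ~/.bash_history", "truncate -s 0 ~/.bash_history")

# Locations from which a corporate laptop should not normally launch binaries.
TEMP_PREFIXES = ("/tmp/", "/var/tmp/", "/dev/shm/")


def parse_ts(s: str) -> datetime:
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def is_off_hours(ts: datetime, tz_offset_hours: int, start: int = 7, end: int = 21) -> bool:
    """True if the event falls outside the stated local working window [start, end)."""
    local = ts + timedelta(hours=tz_offset_hours)
    return not (start <= local.hour < end)


def in_onboarding_window(ts: datetime, start_date: str, days: int = 7) -> bool:
    start = datetime.fromisoformat(start_date).replace(tzinfo=timezone.utc)
    return start <= ts < start + timedelta(days=days)


def evaluate(events: List[Dict], hire: Dict = NEW_HIRE) -> Dict[str, List[int]]:
    """Run the rules; return {rule_name: [indexes of matching events]}."""
    hits: Dict[str, List[int]] = {}

    def flag(rule: str, i: int) -> None:
        hits.setdefault(rule, []).append(i)

    for i, ev in enumerate(events):
        ts = parse_ts(ev["ts"])
        if in_onboarding_window(ts, hire["start_date"]) and \
                is_off_hours(ts, hire["declared_tz_offset_hours"]):
            flag("off-hours-onboarding-activity", i)
        if ev["type"] == "process":
            if any(p in ev.get("cmdline", "") for p in HISTORY_TAMPER):
                flag("session-history-tampering", i)
            image = ev.get("image", "")
            if image.startswith(TEMP_PREFIXES) or "\\Temp\\" in image:
                flag("exec-from-temp", i)
        elif ev["type"] == "checkin":           # agent reports the laptop's public egress IP
            intel = IP_INTEL.get(ev["public_ip"])
            if intel is None:
                flag("egress-unknown-ip", i)
            else:
                if intel["vpn"]:
                    flag("vpn-egress", i)
                if intel["country"] != hire["declared_country"]:
                    flag("geo-mismatch", i)
        elif ev["type"] == "device":            # new USB or LAN-neighbour hardware seen
            if ev["mac"].upper().startswith(RPI_OUIS):
                flag("raspberry-pi-attached", i)
    return hits


def triage(hits: Dict[str, List[int]]) -> str:
    """Two or more independent rule families on a first-week device: escalate to the SOC."""
    return "escalate" if len(hits) >= 2 else ("review" if hits else "clear")


# Constructed telemetry: a quiet first morning, then a burst of activity at ~21:00 local.
SAMPLE_EVENTS = [
    {"ts": "2024-07-15T13:30:00Z", "type": "checkin", "public_ip": "198.51.100.5"},
    {"ts": "2024-07-16T02:05:00Z", "type": "process", "image": "/bin/bash",
     "cmdline": "bash -c 'unset HISTFILE; history -c'"},
    {"ts": "2024-07-16T02:07:00Z", "type": "checkin", "public_ip": "203.0.113.7"},
    {"ts": "2024-07-16T02:09:00Z", "type": "device", "mac": "b8:27:eb:12:34:56"},
    {"ts": "2024-07-16T02:12:00Z", "type": "process", "image": "/tmp/.update/svc",
     "cmdline": "/tmp/.update/svc --daemon"},
]

if __name__ == "__main__":
    result = evaluate(SAMPLE_EVENTS)
    for rule, idx in sorted(result.items()):
        print(f"{rule:32s} events {idx}")
    print("decision:", triage(result))
```

None of these rules is decisive on its own: a legitimate engineer may work late or sit behind a VPN. The value is in requiring several independent signals to coincide on a device in its first week, which is exactly the window in which a fraudulent hire has to set up remote control before anyone is paying attention.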