KnowBe4 mistakenly hires North Korean hacker, faces infostealer attack
KnowBe4 mistakenly hires North Korean hacker, faces infostealer attack
American cybersecurity company KnowBe4 says a person it recently hired as a Principal Software Engineer turned out to be a North Korean state actor who attempted to install information-stealing on its devices.
It's a little bit ironic to me that the security company formerly run by the man who literally wrote the book on social engineering may have fallen victim to a social engineering attack.
And makes it's living on telling other companies how to increase their security posture
The grift has come fulk circle
We learn more lessons by failing than succeeding.
True, but Kevin certainly had his share of both.
Guess they didn't KnowBe4.
(https://blog.knowbe4.com/how-a-north-korean-fake-it-worker-tried-to-infiltrate-us) They are saying they caught the guy before he had access to anything important.
He made it though onboarding and got a company laptop with creds. Got flagged by SEC because he got malware day 1. Also they dug in and he was connected to the states with a VPN.
HR failed. SEC caught it. Now SEC/CIO yell at HR.
This report makes it sound like they had a video call with camera on, vs other reports where they recommend people have camera on because they didn't
also used AI tools to create a profile picture and match that face during the video conference calls.
This doesn't sounds like the video was on / faked only that they had a call where the profile picture was used.
Boy, I bet they wish they.. (drumroll) KnewBe4