KnowBe4 Security Reports They Were Infiltrated By North Korean Worker

blog.knowbe4.com/how-a-north-k

This is an interesting one because it goes into details about what prompted the company to investigate one of their remote workers, concluding that they were a North Korean resident posing as a US citizen - The employee applied for a remote security job using a stolen US passport, along with an AI altered photo. They were able to pass a 4 round interview process and get the job.

Shortly after, suspicious activity from the employee’s laptop triggered a SOC alert and an investigation began.

looks like what happened is the employee had their company issue laptop mailed to a “laptop mule” (someone residing within the US who would operate the laptop on their behalf). The laptop mule then installed remote access software, allowing the real worker to control the laptop remotely from North Korea.

Follow

By having the laptop physically present in the US and connecting from a US IP address, they had hoped to avoid raising suspicion.

Sign in to participate in the conversation

CounterSocial is the first Social Network Platform to take a zero-tolerance stance to hostile nations, bot accounts and trolls who are weaponizing OUR social media platforms and freedoms to engage in influence operations against us. And we're here to counter it.