KnowBe4 Security Reports They Were Infiltrated By North Korean Worker

blog.knowbe4.com/how-a-north-k

This is an interesting one because it goes into detail about what prompted the company to investigate one of their remote workers, concluding that they were a North Korean resident posing as a US citizen. The employee applied for a remote security job using a stolen US passport, along with an AI-altered photo. They were able to pass a 4-round interview process and get the job.

Shortly after, suspicious activity from the employee’s laptop triggered a SOC alert and an investigation began.

Looks like what happened is the employee had their company-issued laptop mailed to a “laptop mule” (someone residing within the US who would operate the laptop on their behalf). The laptop mule then installed remote access software, allowing the real worker to control the laptop remotely from North Korea.

By having the laptop physically present in the US and connecting from a US IP address, they had hoped to avoid raising suspicion.

@ecksmc JFC that's pretty elaborate, and scary to think of how they'll 'learn' from this and tweak the process so they do better the next time. 😬
