**⇄ Σ = Mᄃ² ⇆** @[email protected] · Jul 25, 2024, 21:58

**⇄ Σ = Mᄃ² ⇆** @[email protected] · Jul 25, 2024, 21:58

⇄ Σ = Mᄃ² ⇆ @[email protected]

Jul 25, 2024, 21:58

KnowBe4 Security Reports They Were Infiltrated By North Korean Worker

https://blog.knowbe4.com/how-a-north-korean-fake-it-worker-tried-to-infiltrate-us

This is an interesting one because it goes into details about what prompted the company to investigate one of their remote workers, concluding that they were a North Korean resident posing as a US citizen - The employee applied for a remote security job using a stolen US passport, along with an AI altered photo. They were able to pass a 4 round interview process and get the job.

**⇄ Σ = Mᄃ² ⇆** @[email protected] · Jul 25, 2024, 21:59

**⇄ Σ = Mᄃ² ⇆** @[email protected] · Jul 25, 2024, 21:59

Jul 25, 2024, 21:59

⇄ Σ = Mᄃ² ⇆ @[email protected]

Shortly after, suspicious activity from the employee’s laptop triggered a SOC alert and an investigation began.

looks like what happened is the employee had their company issue laptop mailed to a “laptop mule” (someone residing within the US who would operate the laptop on their behalf). The laptop mule then installed remote access software, allowing the real worker to control the laptop remotely from North Korea.

**⇄ Σ = Mᄃ² ⇆** @[email protected] · 2024-07-25T21:59:59Z

⇄ Σ = Mᄃ² ⇆ @[email protected]

By having the laptop physically present in the US and connecting from a US IP address, they had hoped to avoid raising suspicion.

Jul 25, 2024, 21:59 · 0· 0· 4

Resources

Developers

What is CounterSocial?

counter.social

More…