US Cybersecurity Firm Accidentally Hires North Korean Hacker

"Do we have egg on our face? Yes," says the company CEO following the hire.

US security vendor KnowBe4 has just revealed that a North Korean hacker tricked them with an AI image and stolen ID.

The hacker immediately attempted to load malware into the company’s system but was not successful. According to CEO and founder Stu Sjouwerman, “no data was lost, compromised, or exfiltrated on any KnowBe4 systems.”

The incident is now an active FBI investigation, although the hacker has not been confirmed as a nation state actor just yet. Here’s how this somewhat embarrassing mistake happened, and how it could have been a lot worse.

Hacker Passed Background Check With Stolen ID

The hacker was able to get through all of the company’s typical new-hire routines: He responded to a job posting, sent resumes, attended four video conference interviews, passed background checks and “all other standard pre-hiring checks,” and provided references.

Once hired and sent a Mac workstation, the hacker loaded malware.

 

About Tech.co Video Thumbnail Showing Lead Writer Conor Cawley Smiling Next to Tech.co LogoThis just in! View
the top business tech deals for 2024 👨‍💻
See the list button

How did the hacker beat the background checks? With a genuinely valid but stolen US identity, paired with an AI-enhanced image that matched the hacker’s own face. Here’s the original stock photo image on the left, with the enhanced version on the right.

An AI image fake used by hacker, with the original image on the left.

The image was eventually detected by software, and the company’s InfoSec Security Operations Center was able to flag the issue, bringing on cybersecurity company Mandiant and the FBI.

Any Tips to Avoid This in the Future?

Sjouwerman notes in his blog post about the incident that new employees have “highly restricted” access to information when they first start, which proved to be the right move in this case.

He also offered further general advice for businesses that want to avoid this specific problem themselves:

  • Scan remote devices to ensure no one is accessing them remotely
  • Improve vetting with a focus on the employee’s physical presence being where they claim it is
  • Improve resume scanning
  • Use video interviews and verify past work
  • Check that the laptop’s shipping address is the same as where the new employee claims to live

The “what to look out for” section also lists “attempt to execute malware.” If you’re ever hired at a cybersecurity firm, don’t do that!

How Did KnowBe4 Handle It All? Very Publically.

You’ve got to hand it to KnowBe4: If some cybersecurity companies were compromised by a hacker, they might be tempted to protect their reputation by keeping quiet about the whole matter. In sharp contrast, KnowBe4 broke the news itself in a blog post, with a follow-up FAQ page about the entire incident to boot.

“Do we have egg on our face? Yes. And I am sharing that lesson with you. It’s why I started KnowBe4 in 2010. In 2024 our mission is more important than ever.” – CEO Stu Sjouwerman

By sharing the news themselves, the company can control their own narrative. More importantly, though, they can highlight just how easily a hacker can slip through the cracks of even the best security systems.

Thanks to the prevalence of stolen databases online, millions of IDs are already leaked and available. Yours might even be among them, if you’ve ever used companies as popular and widespread as, say, Xfinity (more than 35 million customers were affected in a 2023 breach) or Ticketmaster (well over half a billion customers were impacted in a breach earlier this year).

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Written by:
Adam is a writer at Tech.co and has worked as a tech writer, blogger and copy editor for more than a decade. He was a Forbes Contributor on the publishing industry, for which he was named a Digital Book World 2018 award finalist. His work has appeared in publications including Popular Mechanics and IDG Connect, and his art history book on 1970s sci-fi, 'Worlds Beyond Time,' was a 2024 Locus Awards finalist. When not working on his next art collection, he's tracking the latest news on VPNs, POS systems, and the future of tech.
Explore More See all news
Back to top
close Thinking about your online privacy? NordVPN is Tech.co's top-rated VPN service See Deals