Security firm experiencing nightmare after learning remote employee is
A digital security firm got the shock of a lifetime when it came to light that one of its remote workers was actually a North Korean hacker after he infected his new company laptop with malware.
“The moment it was received, it immediately started to load malware,” security firm KnowBe4 wrote in a blog post about the incident. The company stressed that “no illegal access was gained, and no data was lost, compromised or exfiltrated on any KnowBe4 systems.”
“KnowBe4 needed a software engineer for our internal IT AI team,” the company explained. “We posted the job, received resumes, conducted interviews, performed background checks, verified references and hired the person. We sent them their Mac workstation, and the moment it was received, it immediately started to load malware.”
KnowBe4 hired the unnamed employee and noticed “a series of suspicious activities” on July 15 after sending a Mac laptop to the employee for work purposes. The company reached out to the user, but the employee responded that he was troubleshooting a “speed issue” and may have “caused a compromise.”
Attempts to follow up with the employee were met with silence as he appeared unavailable for a call and did not respond.
The company claimed the hacker operated as part of a “well-organized, state-sponsored, large criminal ring with extensive resources.” It was likely referring to Andariel, a group the U.S. government has highlighted due to its ties to the Democratic People’s Republic of Korea (DPRK)’s military intelligence agency.
“The case highlights the critical need for more robust vetting,” the company argued, also calling for more stringent security vetting and monitoring.
The incident occurred as the U.S. Department of State revealed an indictment against a North Korean national who allegedly hacked hospitals in the U.S. Rim Jong Hyok worked for a cyber group known as Andariel, which is controlled by the DPRK’s military intelligence agency, according to the department.
Rim and others “conspired to hack into the computer systems of U.S. hospitals and other healthcare providers, install Maui ransomware and extort ransoms,” according to the State Department’s statement on the case.
“In one computer intrusion operation that began in November 2022, the malicious cyber actors hacked a U.S.-based…