North Korean spy successfully infiltrated a cybersecurity training company using stolen credentials and a fake VPN – here’s how to avoid becoming a victim
Remote hiring, once a niche practice, has become the norm for many organizations worldwide. Cybersecurity awareness training company KnowBe4 recently discovered that the convenience of remote recruiting also comes with significant risks.
The company inadvertently hired a North Korean spy who managed to bypass security measures, exposing critical vulnerabilities in modern hiring processes.
The deception came to light when the laptop provided by the company immediately began downloading malicious software upon first use. Fortunately, KnowBe4’s security systems detected the threat early, preventing data compromise.
Exposing the Deception: How a Spy Infiltrated KnowBe4
In July 2024, KnowBe4’s US office hired “a qualified candidate” for a remote role.
Despite rigorous background checks and multiple video interviews, the person, who later turned out to be a North Korean spy, managed to infiltrate the company. Using a stolen American identity, the fraudsters convincingly pretended to be working from the United States. By using a virtual private network (VPN) and logging in at night, they hid their real location: China or North Korea.
The incident is a stark warning that even the most security-conscious organizations must remain vigilant and continually adapt their practices to address emerging threats.
One of the biggest takeaways from KnowBe4’s experience is the importance of recognizing potential red flags during the hiring process. Fraudsters are becoming increasingly sophisticated, using advanced techniques to create false but believable identities. Here are some common signs that a candidate may not be who they claim to be:
- Inconsistencies in birth dates, educational backgrounds, or unexplained gaps in employment history should raise suspicion. Fraudsters may provide incomplete or misleading information to avoid detection.
- Simple email verifications are no longer enough. It is essential to make phone calls to listed references to confirm their legitimacy. Direct conversations can reveal more than what is in an email.
- Candidates who seem overqualified for the role and seem to be exactly what the company needs may try to avoid scrutiny by relying on their impressive credentials. This tactic is often used by fraudsters to speed up the hiring process.
- A candidate’s reluctance to appear on camera during interviews is a major red flag. While there may be legitimate reasons, fraudsters often avoid video interviews to hide their true identity.
- In today’s connected world, most people have some form of online presence. A candidate without a digital footprint, a so-called “digital ghost,” deserves further investigation.
A crucial step in protecting against these types of incidents is the use of multi-factor authentication (MFA) from the start. By requiring new employees to verify their identity using hardware tokens sent to verified physical addresses, businesses add an essential layer of security, ensuring that only the intended recipient can access corporate systems.
Additionally, it is vital to provide new employees with pre-configured, secure devices and restrict their access to sensitive information until their identity has been thoroughly verified. This approach, which was instrumental in detecting the malware in the case of KnowBe4, helps limit the risk of malicious activity. Organizations should also take a zero trust approach by restricting access to the system for new employees until they have completed all necessary training and security checks.
Authentication of remote workers can also be improved by sending corporate devices to trusted pickup locations, such as UPS branches, where recipients must present valid ID. This can help prevent malicious actors from gaining physical access to sensitive hardware. KnowBe4 adopted this strategy after the breach.
“For a cybersecurity company like ours to be caught with egg on its face was a big wake-up call,” admitted Anna Collard, Senior Vice President of Content Strategy & Evangelist at KnowBe4 AFRICA.
“We could have kept our mouths shut, but instead we shared our story in the hope that other organizations could learn from it.”