How a North Korean Remote Worker Got Hired by a US Cybersecurity Firm
July 26, 2024
KnowBe4, a prominent cybersecurity company, admitted to unknowingly hiring a North Korean hacker who immediately tried to load malware on his work computer.
The story comes from a blog post by KnowBe4’s CEO and founder, Stu Sjouwerman. He said there was no data breach or harm to the company’s customers. Instead, he wanted to caution other companies to be more vigilant in making new hires—lest they also fall prey to a “well-organized, state-sponsored, large criminal ring.”
Sjouwerman explained that his company needed a software engineer for its internal IT AI team. After posting the job, they began analyzing resumes, conducting interviews, performing background checks, and verifying references.
“Our HR team conducted four video conference-based interviews on separate occasions, confirming the individual matched the photo provided on their application,” the post stated.
The hacker wasn’t flagged during his background check because he used the stolen identity of a US citizen with a clean record—along with a stock photo, which he face-swapped with his own.
Once the man secured his role at KnowBe4, the company sent him his computer. But the address he provided was for what Sjouwerman called an “IT mule laptop farm,” which served a surprising purpose.
Sjouwerman said someone there would “work the night shift so that they seem to be working in US daytime.” He said the plan was for them to be “actually doing the work, getting paid well,” and then give the money to the North Korean government.
Before that could happen, though, they downloaded malware and performed other suspicious actions. The company flagged them as a suspected “Insider Threat/Nation State Actor,” and contained the device within a half-hour.
“We shared the collected data with our friends at Mandiant, a leading global cybersecurity expert, and the FBI, to corroborate our initial findings,” Sjouwerman wrote.
Ironically, KnowBe4 offers security awareness training like phishing security tests to prevent scams. The company insists: “If it can happen to us, it can happen to almost anyone. Don't let it happen to you.”