It’s been reported that US Security Awareness Training Company ‘KnowBe4’ unknowingly hired a North Korean hacker as a (remote) software engineer. The hacker used stolen identity and AI-generated imagery to circumvent KnowBe4’s due diligence and was even able to make it through four rounds of interviews before being offered the position.
However, KnowBe4 discovered the hacker’s true identity during a routine security audit when they noticed that a series of suspicious actions had been performed by the new employee. Once identified, the hacker’s access was immediately revoked, the breach was reported to authorities, and the incident, described as an “organisational learning moment” prompted an internal review.
KnowBe4 has suggested that this incident may be part of a broader North Korean campaign to infiltrate US organisations by posing as remote IT staff. The advice to businesses is that HR departments should thoroughly scrutinise remote candidates, especially for critical infrastructure roles or positions with access to sensitive data.