KnowBe4, a US-based security vendor, became the target of an insider cyber threat when it inadvertently hired a North Korean hacker posing as a software engineer. Using a stolen US identity and AI-enhanced fake photo, the hacker was onboarded and sent a Mac workstation. Upon receipt, the workstation began loading malware, signaling a deliberate threat attempt. The activity was detected by KnowBe4's Security Operations Center (SOC) before any harm was done, with no data lost, compromised, or exfiltrated. An FBI investigation is ongoing, examining the incident as a potential insider threat or nation-state actor orchestration.
Source: https://www.wired.com/story/north-korean-hacker-hired-ecurity-company-malware/
TPRM report: https://scoringcyber.rankiteo.com/company/knowbe4
{
"id": "kno000072724",
"linkid": "knowbe4",
"type": "Breach",
"date": "7/2024",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"
}
{'affected_entities': [{'industry': 'Cybersecurity',
                        'location': 'United States',
                        'name': 'KnowBe4',
                        'type': 'Security Vendor'}],
 'attack_vector': 'Hiring a malicious insider',
 'data_breach': {'data_exfiltration': 'None'},
 'description': "KnowBe4, a US-based security vendor, became the target of an insider cyber threat when it inadvertently hired a North Korean hacker posing as a software engineer. Using a stolen US identity and AI-enhanced fake photo, the hacker was onboarded and sent a Mac workstation. Upon receipt, the workstation began loading malware, signaling a deliberate threat attempt. The activity was detected by KnowBe4's Security Operations Center (SOC) before any harm was done, with no data lost, compromised, or exfiltrated. An FBI investigation is ongoing, examining the incident as a potential insider threat or nation-state actor orchestration.",
 'impact': {'data_compromised': 'None', 'systems_affected': 'Mac workstation'},
 'initial_access_broker': {'entry_point': 'Hiring process'},
 'investigation_status': 'Ongoing FBI investigation',
 'motivation': 'Potential nation-state actor orchestration',
 'response': {'containment_measures': 'Detection by SOC',
              'law_enforcement_notified': 'Yes'},
 'threat_actor': 'North Korean Hacker',
 'title': 'Insider Threat at KnowBe4',
 'type': 'Insider Threat',
 'vulnerability_exploited': 'Trust in employment process'}