KnowBe4

KnowBe4, a US-based security vendor, became the target of an insider cyber threat when it inadvertently hired a North Korean hacker posing as a software engineer. Using a stolen US identity and an AI-enhanced fake photo, the hacker was onboarded and sent a Mac workstation. Upon receipt, the workstation began loading malware, signaling a deliberate threat attempt. The activity was detected by KnowBe4's Security Operations Center (SOC) before any harm was done, with no data lost, compromised, or exfiltrated. An FBI investigation is ongoing, examining the incident as a potential insider threat or nation-state actor orchestration.

Source: https://www.wired.com/story/north-korean-hacker-hired-ecurity-company-malware/

TPRM report: https://scoringcyber.rankiteo.com/company/knowbe4

"id": "kno000072724",
"linkid": "knowbe4",
"type": "Breach",
"date": "7/2024",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"
{'affected_entities': [{'industry': 'Cybersecurity',
                        'location': 'United States',
                        'name': 'KnowBe4',
                        'type': 'Security Vendor'}],
 'attack_vector': 'Hiring a malicious insider',
 'data_breach': {'data_exfiltration': 'None'},
 'description': 'KnowBe4, a US-based security vendor, became the target of an '
                'insider cyber threat when it inadvertently hired a North '
                'Korean hacker posing as a software engineer. Using a stolen '
                'US identity and AI-enhanced fake photo, the hacker was '
                'onboarded and sent a Mac workstation. Upon receipt, the '
                'workstation began loading malware, signaling a deliberate '
                "threat attempt. The activity was detected by KnowBe4's "
                'Security Operations Center (SOC) before any harm was done, '
                'with no data lost, compromised, or exfiltrated. An FBI '
                'investigation is ongoing, examining the incident as a '
                'potential insider threat or nation-state actor orchestration.',
 'impact': {'data_compromised': 'None', 'systems_affected': 'Mac workstation'},
 'initial_access_broker': {'entry_point': 'Hiring process'},
 'investigation_status': 'Ongoing FBI investigation',
 'motivation': 'Potential nation-state actor orchestration',
 'response': {'containment_measures': 'Detection by SOC',
              'law_enforcement_notified': 'Yes'},
 'threat_actor': 'North Korean Hacker',
 'title': 'Insider Threat at KnowBe4',
 'type': 'Insider Threat',
 'vulnerability_exploited': 'Trust in employment process'}