SecurityWeek reports that Florida-based cybersecurity firm KnowBe4 was infiltrated last week by a North Korean hacker purporting to be a software engineer who was hired based on a deep-faked identity.
Within 25 minutes of having received his Mac workstation, the North Korean operative — who used VPN to conceal the location of the IT mule farm where the workstation was sent — leveraged Raspberry Pi to facilitate malware downloads, session history file alterations, file transfers, and unauthorized software execution, according to KnowBe4 CEO Stu Sjouwerman, who noted that the compromise, which was immediately detected and averted, had not impacted the firm's systems.
Such an operation was regarded by Sjouwerman to have shown the hacker's "high level of sophistication in creating a believable cover identity, exploiting weaknesses in the hiring and background check processes, and attempting to establish a foothold" in the firm. The development comes more than two months after the U.S. arrested and charged individuals who helped North Korean IT workers posing as Americans obtain jobs across the country.
