It’s every manager’s worst nightmare: hiring a remote employee who turns out to be a North Korean hacker intent on loading malware on to your network. But that’s what happened to the US cyber security company KnowBe4 last year, as the company’s founder, Stu Sjouwerman, described in a candid blog post.
KnowBe4 had posted a job ad for an AI software engineer, interviewed candidates by video, conducted background checks, verified references and made an offer. But soon after the company sent a Mac workstation to the remote employee’s notional address, he went rogue. The company quickly discovered he was a fake North Korean IT worker, who had used a valid, but stolen, US-based identity to land the job. He then accessed the workstation remotely from Asia via an “IT mule laptop farm”.
Thankfully, no data was compromised but the company said it sure was a “learning moment”. “If it can happen to us, it can happen to almost anyone. Don’t let it happen to you,” Sjouwerman wrote.