How a North Korean Fake IT Worker Tried to Infiltrate Security Awareness Firm KnowBe4 (blog.knowbe4.com)
from 0x815@feddit.org to technology@beehaw.org on 24 Jul 2024 06:30
https://feddit.org/post/1094761


KnowBe4 needed a software engineer for our internal IT AI team. “We posted the job, received resumes, conducted interviews, performed background checks, verified references, and hired the person,” the firm writes on its blog.

“We sent them their Mac workstation, and the moment it was received, it immediately started to load malware.”

[Special points to KnowBe4 for publishing this on its blog. If this can happen to a security awareness firm, it can happen to everyone.]


OmnipotentEntity@beehaw.org on 24 Jul 2024 07:08

The scam is that they are actually doing the work, getting paid well

Listen. I know that there is some really shitty stuff going on in North Korea, and very real threats that their government is capable of, and it sucks for the people living there who have to do this work under threat of death.

But if you say that “the scam” is they’re doing work and receiving full pay for work done, I’m going to make fun of you. Oh no, someone outside of the West did work and was slightly less exploited by capital than usual in the process. Horror upon horror.

halm@leminal.space on 24 Jul 2024 07:10

Yeah, they seem to be downplaying the malware bit in that paragraph.

Midnitte@beehaw.org on 24 Jul 2024 12:25

The scam is that they are actually doing the work, getting paid well

Ah, the ol’ xz utils plan

Rekhyt@beehaw.org on 28 Jul 2024 03:56

You cut off the second part of that sentence. The scam isn’t doing the work from a different location; the scam is that they’re using the money to fund North Korea. This isn’t “Kim gets a job online”; it’s “Kim is a state actor that is a security risk at any moment and meanwhile causing KnowBe4 to send money to a sanctioned country.”

hazelnoot@beehaw.org on 24 Jul 2024 12:54

It’s good we have “Knewbies” in a sandbox when they start.

attention all companies: please stop making pet names for your employees, it’s weird [bee sob loud emoji]

sfera@beehaw.org on 24 Jul 2024 13:35

I consider myself a newbee.

DoucheBagMcSwag@lemmy.dbzer0.com on 24 Jul 2024 17:55

Wow…this was the company that was founded by the legendary hacker Kevin Mitnick (RIP)

for shame.