US security vendor KnowBe4 has just revealed that a North Korean hacker tricked them with an AI image and stolen ID.
The hacker immediately attempted to load malware into the company’s system but was not successful. According to CEO and founder Stu Sjouwerman, “no data was lost, compromised, or exfiltrated on any KnowBe4 systems.”
The incident is now an active FBI investigation, although the hacker has not yet been confirmed as a nation-state actor. Here’s how this somewhat embarrassing mistake happened, and how it could have been a lot worse.
The hacker was able to get through all of the company’s typical new-hire routines: He responded to a job posting, sent resumes, attended four video conference interviews, passed background checks and “all other standard pre-hiring checks,” and provided references.
Once hired and sent a Mac workstation, the hacker loaded malware.
How did the hacker beat the background checks? With a genuinely valid but stolen US identity, paired with an AI-enhanced image that matched the hacker’s own face. Here’s the original stock photo on the left, with the enhanced version on the right.