American cybersecurity company KnowBe4 says a person it recently hired as a Principal Software Engineer turned out to be a North Korean state actor who attempted to install information-stealing on its devices.
He made it though onboarding and got a company laptop with creds. Got flagged by SEC because he got malware day 1. Also they dug in and he was connected to the states with a VPN.
(https://blog.knowbe4.com/how-a-north-korean-fake-it-worker-tried-to-infiltrate-us) They are saying they caught the guy before he had access to anything important.
He made it though onboarding and got a company laptop with creds. Got flagged by SEC because he got malware day 1. Also they dug in and he was connected to the states with a VPN.
HR failed. SEC caught it. Now SEC/CIO yell at HR.