Incident Report Summary: Insider Threat
Disclaimer: No access was gained or compromised on KnowBe4 systems.
TLDR: KnowBe4 needed a software engineer for our internal IT AI team. We posted the job, received resumes, conducted interviews, performed background checks, verified references, and hired the person. We sent them their Mac workstation, and the moment it was received, it started to load malware.
The EDR software detected it and alerted our InfoSec Security Operations Center. The SOC called the new hire and asked if they could help. That’s when it got dodgy fast. We immediately locked the box and started investigating, working with Mandiant and the FBI. It turns out this was a fake IT worker from North Korea. The picture you see is an AI deepfake that started out with stock photography (below).