this post was submitted on 24 Jul 2024
184 points (97.4% liked)


cross-posted from: https://feddit.org/post/1094761

Archived version

KnowBe4 needed a software engineer for our internal IT AI team. "We posted the job, received resumes, conducted interviews, performed background checks, verified references, and hired the person," the firm writes on its blog.

"We sent them their Mac workstation, and the moment it was received, it immediately started to load malware."

[Special points to KnowBe4 for publishing this on its blog. If this can happen to a security awareness firm, it can happen to everyone.]

[–] jet@hackertalks.com 22 points 1 month ago (1 children)

Hiring somebody without ever physically seeing them is a curious reality

I'm surprised, if the intention, as stated, is to work a well-paid job and place a resource, why load malware at all?

If they're just trying to remote into the device, why are they remoting indirectly to the laptop? Why not use a remote KVM that hooks up to the output and USB ports?

[–] pixely@lemmy.world 7 points 1 month ago (1 children)

Interesting point about the KVM. To make it transparent the KVM would need to report the model of a real monitor in the display EDID data. Also if you’re monitoring the device, which is almost certainly a laptop, it would be suspicious if it was plugged in to a monitor 100% of the time.
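The EDID point above, as an added example that is not part of the original comment: a Python sketch that parses an EDID base block (manufacturer ID, product code, monitor-name descriptor) and compares it against an inventory of approved displays. The `APPROVED` inventory, the PnP IDs `AAA` and `KVM`, and all sample blocks are constructed for illustration; how an endpoint agent collects the raw EDID bytes is assumed and not shown.

```python
EDID_HEADER = bytes.fromhex("00ffffffffffff00")

def build_sample_edid(pnp_id, product, name):
    """Build a constructed 128-byte EDID base block for this demo."""
    edid = bytearray(128)
    edid[0:8] = EDID_HEADER
    a, b, c = (ord(ch) - 64 for ch in pnp_id)         # 'A' -> 1 ... 'Z' -> 26
    edid[8:10] = ((a << 10) | (b << 5) | c).to_bytes(2, "big")
    edid[10:12] = product.to_bytes(2, "little")
    text = (name.encode("ascii") + b"\n").ljust(13, b" ")[:13]
    edid[72:90] = b"\x00\x00\x00\xfc\x00" + text      # tag 0xFC = monitor name
    edid[127] = (-sum(edid[:127])) % 256              # block sums to 0 mod 256
    return bytes(edid)

def parse_edid(edid):
    """Extract manufacturer ID, product code and monitor name from an EDID block."""
    if len(edid) < 128 or edid[:8] != EDID_HEADER:
        raise ValueError("not an EDID base block")
    if sum(edid[:128]) % 256 != 0:
        raise ValueError("EDID checksum mismatch")
    raw = int.from_bytes(edid[8:10], "big")
    pnp_id = "".join(chr(((raw >> s) & 0x1F) + 64) for s in (10, 5, 0))
    product = int.from_bytes(edid[10:12], "little")
    name = None
    for off in (54, 72, 90, 108):                     # four 18-byte descriptors
        d = edid[off:off + 18]
        if d[0:3] == b"\x00\x00\x00" and d[3] == 0xFC:
            name = d[5:18].split(b"\n")[0].decode("ascii", "replace").strip()
    return {"pnp_id": pnp_id, "product": product, "name": name}

def review_display(edid, approved):
    """Return a list of findings for one attached display (empty = nothing flagged)."""
    try:
        info = parse_edid(edid)
    except ValueError as exc:
        return [f"malformed EDID: {exc}"]
    if (info["pnp_id"], info["product"]) in approved:
        return []
    return [f"unapproved display {info['pnp_id']}:{info['product']:04x} "
            f"name={info['name']!r}"]

# Constructed inventory and samples (not real device identifiers).
APPROVED = {("AAA", 0x1234)}
DOCK_MONITOR = build_sample_edid("AAA", 0x1234, "Office 27")
UNKNOWN_SINK = build_sample_edid("KVM", 0x0001, "Generic HDMI")
CLONED_SINK = build_sample_edid("AAA", 0x1234, "Office 27")  # same identity as approved

if __name__ == "__main__":
    for label, blob in (("dock", DOCK_MONITOR), ("unknown", UNKNOWN_SINK),
                        ("cloned", CLONED_SINK)):
        print(label, review_display(blob, APPROVED))
```

The cloned sample returns no findings, which is the limitation the comment describes: an EDID inventory check only sees the identity the display sink chooses to report, so it needs to be paired with other signals.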

[–] jet@hackertalks.com 26 points 1 month ago (2 children)

Having a laptop permanently in a dock is pretty normal for tech workers.

[–] femtech@midwest.social 6 points 1 month ago

Mine is either connected to a USB-C dock at home or the office. I have only used it without when at a hotel.

[–] pixely@lemmy.world 1 points 1 month ago (1 children)

Sure, I use a Thunderbolt dock at home, but being docked 100% of the time is probably not normal.

[–] 5too@lemmy.world 7 points 1 month ago (1 children)

Mine has been docked for months at a time. I recently started shifting it to be near the kids when they're home; but not undocking it wouldn't strike me as strange at all.

[–] pixely@lemmy.world 3 points 1 month ago

That’s fair!