Open Menu
AllLocalCommunitiesAbout
lotide
AllLocalCommunitiesAbout
Login

North Korean hacker got hired by US security vendor, immediately loaded malware

⁨295⁩ ⁨likes⁩

Submitted ⁨⁨3⁩ ⁨months⁩ ago⁩ by ⁨jeffw@lemmy.world⁩ to ⁨technology@lemmy.world⁩

https://arstechnica.com/tech-policy/2024/07/us-security-firm-unwittingly-hired-apparent-nation-state-hacker-from-north-korea/

source

Comments

Sort:hotnewtop
  • Imhotep@lemmy.world ⁨3⁩ ⁨months⁩ ago

    Even though the photo provided to HR was fake, the person who was interviewed for the job apparently looked enough like it to pass.

    why not send an actual picture of his face?

    source
    • Philippe23@lemmy.ca ⁨3⁩ ⁨months⁩ ago

      My guess would be that they needed to get a mid-point between existing photos of the guy whose identity they stole and the guy that would show up in the video interviews.

      source
      • boyi@lemmy.sdf.org ⁨3⁩ ⁨months⁩ ago

        Very unlikely, If you read and refer to the article. The identity was stolen but the pic is a stock photo.

        The two images at the top of this story are a stock photo and what KnowBe4 says is the AI fake based on the stock photo.

        source
        • -> View More Comments
  • independantiste@sh.itjust.works ⁨3⁩ ⁨months⁩ ago

    This is the company that made “The Inside Man”, a series where a company gets infiltrated by not being careful enough of who they hire

    source
    • thurstylark@lemm.ee ⁨3⁩ ⁨months⁩ ago

      Oh yeah, I remember having to watch those for onboarding. They weren’t as cheesy as they could have been for an informational video.

      I do appreciate how they’re handling it, though. A public post-mortem is much more reassuring than damage control PR. Plus, being honest means they gain the IT folks who actually have to use their stuff as allies.

      source
      • independantiste@sh.itjust.works ⁨3⁩ ⁨months⁩ ago

        Yeah, the series is pretty entertaining actually. And for the PR thing, they pitched it as a learning incident, and I agree with that, but they are lucky nothing truly bad happened because this company sends phishing tests, and a link could be replaced by the attackers - kind of like in a fake fake phishing email.

        source
  • piyuv@lemmy.world ⁨3⁩ ⁨months⁩ ago

    The scam is that they are actually doing the work, getting paid well, and give a large amount to North Korea to fund their illegal programs.

    So even if you do the work and do it well, you’re not allowed to spend your money how you see fit

    source
  • SpicyLizards@reddthat.com ⁨3⁩ ⁨months⁩ ago

    Way to break that hard earned trust guys

    source
    • paridoxical@lemmy.world ⁨3⁩ ⁨months⁩ ago

      They lost any trust when we learned they are a bunch of bat-shit scientologists.

      source
      • jaybone@lemmy.world ⁨3⁩ ⁨months⁩ ago

        North Korea?

        source
  • sugar_in_your_tea@sh.itjust.works ⁨3⁩ ⁨months⁩ ago

    I just wonder how many haven’t been caught…

    source
  • sharkfucker420@lemmy.ml ⁨3⁩ ⁨months⁩ ago

    Image

    source
  • ipkpjersi@lemmy.ml ⁨3⁩ ⁨months⁩ ago

    How does that even happen lmao

    source