North Korea Infiltrated 100+ Companies with Fake IT Pros

Recently we reported on an attack against cybersecurity training company KnowBe4 by a North Korean actor posing as a remote IT worker. The good news is that, unlike in many attacks, KnowBe4 detected this one in 25 minutes and shut it down.

CrowdStrike’s (yes, THAT CrowdStrike) 2024 Threat Hunting Report describes multiple cases of DPRK (North Korea) hackers posing as remote IT workers. One group, Famous Chollima, had North Korean hackers hired at more than 30 US companies.

The industries include aerospace, defense, retail and tech.

CrowdStrike’s threat hunters discovered that after obtaining employee-level access to victim networks, the phony workers performed just well enough to keep their jobs while attempting to exfiltrate data using Git, SharePoint, and OneDrive, and installing remote monitoring and management (RMM) tools.

They found that over a hundred companies hired workers from this hacking group.

Would you know if this happened to you?

If you need assistance upping your protection, please contact us.

Credit: CSO Online