In July 2024, KnowBe4 revealed that we had unknowingly hired a North Korean who was pretending to be someone else. We locked down the laptop that was sent to the fake employee within 25 minutes of receiving an alert that he was trying to do something suspicious, and at no time did the North Korean have access to customer data or systems.
We have since updated our hiring processes accordingly to prevent future occurrences and checked all current employees to make sure no others were in similar concerns.
On July 24,2024, we publicly posted the first of several articles concerning the hire. It immediately went viral resulting in dozens of news stories and a lot of media attention. As far as we know, we are the first company to ever publicly reveal the details of the North Korean hiring and detection event, despite several hundreds other U.S. companies having experienced similar situations in the past. We were applauded by many security experts and law enforcement for publicly sharing our experience.
There are right now, likely, hundreds of North Korean fake employees currently hired by U.S. companies and likely thousands around the world. There are likely thousands of U.S. companies today receiving resumes and applications from North Korean fake employees and some of those applicants will be unknowingly hired.
The best way to prevent unknowingly hiring a fake employee is to be aware of it and implement needed controls in your hiring process to prevent it.
To help mitigate the threat of other companies hiring North Korean or other nation-state fake employees, we publicly posted several related blog articles, two webinars, and a detailed whitepaper.
Here are some of the other KnowBe4 North Korean fake employee articles previously posted:
- https://blog.knowbe4.com/north-korean-operatives-infiltrate-job-platforms
- https://blog.knowbe4.com/north-korean-fake-it-worker-faq
- https://blog.knowbe4.com/north-korean-operatives-infiltrate-job-platforms
Tricky North Koreans
You would be surprised how tricky the North Korean fake employees are. They often use stolen, but real identities of citizens in the countries they are targeting, so that any background checks pass with flying colors. They utilize AI-enhanced pictures, video, and other tools to get themselves hired. They have fake LinkedIn profiles, fake GitHub projects, and fake references ready to give them glowing reviews.
They have hundreds of local citizens helping them to maintain the fraud. They can buy fake IDs, get fake driver licenses and passports, and pick up and redistribute payroll checks. They have local citizens pick up company-sent laptops who then set them up for remote logins in a larger “laptop farm”. They use VPNs to fake their location and voice-over-IP (VOIP) telephone numbers to be able to take calls from anywhere.
Some employers have said that the work they churned out was good enough that had it not been illegal to hire them, maybe they would have kept them. But most found out the work product was poor to non-existent, and the North Korean fake employee simply collected the paycheck until they were finally discovered and terminated. Hundreds of millions to billions of dollars are being “earned” and sent back to North Korea to fund their illegal nuclear weapons program. Who wants to be a part of that?
New Webinar
We have an upcoming webinar covering the threat of North Korean fake employees. One covers our personal story of how we unknowingly hired a North Korean employee and how we detected and terminated them. You can find info below:
Don't like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/code-red-webinar
Created and presented by Roger A. Grimes, Data-Driven Defense Evangelist for KnowBe4, it covers more information on North Korean fake employees and gives more mitigations than you can find anywhere else. There are dozens of suggestions in both detecting and preventing fake employees. It covers how to prevent hiring a fake employee and even how to detect one if they are already secreted away among your workforce.
There are hundreds, if not thousands of active North Korean fake employees. Roger’s webinar will help you best prevent becoming yet another company that unknowingly hired a North Korean fake employee and help you update your hiring processes, so it never happens to you. You will not find a better resource.
Happy hiring!
