Security firm experiencing nightmare after learning remote employee is North Korean hacker

The US State Department also revealed an indictment against a North Korean hacker

A digital security firm got the shock of a lifetime when it came to light that one of its remote workers was actually a North Korean hacker after he infected his new company laptop with malware.

"The moment it was received, it immediately started to load malware," security firm KnowBe4 wrote in a blog post about the incident. The company stressed that "no illegal access was gained, and no data was lost, compromised or exfiltrated on any KnowBe4 systems."

"KnowBe4 needed a software engineer for our internal IT AI team," the company explained. "We posted the job, received resumes, conducted interviews, performed background checks, verified references and hired the person. We sent them their Mac workstation, and the moment it was received, it immediately started to load malware."

After hiring the unnamed employee, KnowBe4 sent him a Mac laptop for work purposes and noticed "a series of suspicious activities" on July 15. The company reached out to the user, but the employee responded that he was troubleshooting a "speed issue" and may have "caused a compromise."

Attempts to follow up with the employee were met with silence as he appeared unavailable for a call and did not respond. 

The company claimed the hacker operated as part of a "well-organized, state-sponsored, large criminal ring with extensive resources." It was likely referring to Andariel, a group the U.S. government has highlighted due to its ties to the Democratic People’s Republic of Korea (DPRK)’s military intelligence agency. 

"The case highlights the critical need for more robust vetting," the company argued, adding that more stringent security vetting and monitoring are also needed.

The incident occurred as the U.S. Department of State revealed an indictment against a North Korean national who allegedly hacked hospitals in the U.S. Rim Jong Hyok worked for a cyber group known as Andariel, which is controlled by the DPRK’s military intelligence agency, according to the department. 

Rim and others "conspired to hack into the computer systems of U.S. hospitals and other healthcare providers, install Maui ransomware and extort ransoms," according to the State Department’s statement on the case.

"In one computer intrusion operation that began in November 2022, the malicious cyber actors hacked a U.S.-based defense contractor from which they extracted more than 30 gigabytes of data, including unclassified technical information regarding material used in military aircraft and satellites, much of which was from 2010 or earlier," the department said.

The FBI was able to seize online accounts used by the hacking group along with more than $600,000 in proceeds from the ransomware attacks, which have been or will be returned to victims, a senior FBI official told reporters.

The Justice Department has brought multiple criminal cases related to North Korean hacking in recent years, often alleging a profit-driven motive that differentiates the activity from that of hackers in Russia and China.

The Associated Press contributed to this report.