Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Career Intelligence
    • Cyber Tactics
    • Cybersecurity Education & Training
    • Leadership & Management
    • Security Talk
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Interactive Spotlight
    • Photo Galleries
    • Podcasts
    • Polls
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecuritySecurity NewswireCybersecurity NewsGovernment: Federal, State and Local

North Korean hacker tries to access KnowBe4, security leaders react

By Jordyn Alger, Managing Editor
Person in hoodie on laptop

Image via Unsplash

August 1, 2024

On July 23, 2024, KnowBe4 announced that a North Korean hacker attempted to infiltrate its systems. According to the statement, the hacker constructed a believable identity by leveraging a valid yet stolen identity based in the United States and using an AI-enhanced image. After interviews were conducted, the hacker passed background checks and reference checks and received the job. The hacker was sent a company device, and they began to load malware onto it. Once the SOC recognized something was amiss, the device was contained and the hacker’s infiltration attempts were unsuccessful. The announcement asserts that this incident is a part of an organized, state-sponsored criminal ring. 

Security leaders weigh in 

Stephen Kowski, Field CTO at SlashNext Email Security+:

“The KnowBe4 incident reveals how state-sponsored attackers are evolving to create convincing fake identities. It’s clear we need to rethink our approach to security. This means implementing more rigorous vetting, constant monitoring and fostering seamless collaboration across HR, IT and security teams. By harnessing the power of machine learning and behavioral analysis, we can stay one step ahead of these sophisticated threats and safeguard our digital ecosystems.” 

Mr. Piyush Pandey, CEO at Pathlock:

“This incident at KnowBe4 is a great example as to why organizations need to establish continuous controls monitoring capabilities to detect and respond to suspicious activities promptly. Regular audits of employee access activities can help identify anomalies early, allowing them to initiate identity threat response protocols before a breach becomes too widespread.

“Also, strict access controls layered with technologies, such as data masking and dynamic access controls, can limit access to sensitive information. This is an important component of least privilege, ensuring employees only have access to the data necessary for their role.” 

Callie Guenther, Senior Manager, Cyber Threat Research at Critical Start:

“North Korean operatives are increasingly infiltrating Western companies by posing as legitimate IT workers, using sophisticated methods to bypass hiring processes. They create fake identities, use proxies and exploit remote work trends to avoid detection. Companies can identify potential threats by scrutinizing resumes, verifying identities and monitoring for unusual behavior. Federal agencies like the FBI, CISA, DOJ and the Treasury Department can assist businesses by providing guidance, intelligence and legal support. The geopolitical threat includes generating revenue for North Korea’s regime, facilitating cyber espionage and straining international relations, particularly with China’s implicit support. Businesses must adopt stringent security practices and collaborate with federal agencies to mitigate these risks.” 

John Bambenek, President at Bambenek Consulting:

“Ensuring employees, and especially contractors, has been a weak spot in corporate security for as long as there have been businesses. The World Bank / Satyam debacle is probably the most extreme example. Unfortunately, this problem has gotten significantly worse since the pandemic with many companies remaining fully remote. However, the 100% in-office workplaces are far from immune. There just aren’t good answers except trying to find the obvious bad actors up front and maintaining vigilant behavioral monitoring of key employees in the workplace looking for problematic activities.” 

KEYWORDS: hacker hacker news nation-state attack nation-state security security leaders

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Jordynalger

Jordyn Alger is the managing editor for Security magazine. Alger writes for topics such as physical security and cyber security and publishes online news stories about leaders in the security industry. She is also responsible for multimedia content and social media posts. Alger graduated in 2021 with a BA in English – Specialization in Writing from the University of Michigan. Image courtesy of Alger

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Cyber tech background

    Security’s Top Cybersecurity Leaders 2026

    Security magazine’s Top Cybersecurity Leaders 2026 award...
    Cybersecurity
  • Iintegration and use of emerging tools

    Future Proof Your Security Career with AI Skills

    AI’s evolution demands security leaders master...
    Security Leadership and Management
    By: Jerry J. Brennan and Joanne R. Pollock
  • The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report surveys enterprise...
    The Security Benchmark Report
    By: Rachelle Blair-Frasier
Manage My Account
  • Security Newsletter
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Popular Stories

Hand reaching up out of the ocean

What I Learned About Burnout the Hard Way (and How to Actually Fix it)

Broken wet floor sign

Why Response Time Is Becoming the Missing Metric in Workplace Safety and Security

Paparazzi

When Private Events Become Public Infrastructure: What Celebrity OSINT Teaches Security Leaders

Cyber Tactics

AIBOMs: Bringing AI Security Out of the Shadows, A Practical Guide for Security Professionals

Medical professional

Nearly 85% of Nurses Experienced Workplace Violence in the Last Year

Kaseware sponsored webinar
Schneider Electric sponsored webinar

Events

August 25, 2026

Critical Infrastructure Security Is National Security: Protecting Essential Operations in an Era of Escalating Risk

LIVE: August 25, 2026 at 2 PM EDT Learn why critical infrastructure security has become a national security imperative, and the strategies organizations can adopt to improve visibility, collaboration, and response across their security operations.

August 27, 2026

Leveraging AI & Mobility to Advance Your Security Domain

LIVE: August 27, 2026 at 2 PM EDT Explore how AI-driven cloud security solutions can elevate your security domain enhancing threat detection, streamlining operations, and delivering the resilience modern organizations demand.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products


Alertmedia sponsored webinar

Related Articles

  • Coding laptop and workspace

    North Korean hacker group using false coding tests to spread malware

    See More
  • Man working on two laptops

    Nashville man charged with aiding North Korean “laptop farms”

    See More
  • workforce

    Three North Korean military hackers indicted in scheme to commit cyberattacks

    See More

Related Products

See More Products
  • The Database Hacker's Handboo

  • security culture.webp

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

  • The Complete Guide to Physical Security

See More Products

Events

View AllSubmit An Event
  • July 8, 2026

    The 2026 Security Maturity Benchmark Report: Insights From Senior Security Leaders

    ON DEMAND: In this webinar, speakers will share key insights from the 2026 Security Maturity Benchmark Report, including why today’s threat environment demands greater maturity and how to evaluate your organization’s current security posture.
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • Newsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2026. All Rights Reserved BNP Media, Inc. and BNP Media II, LLC.

Design, CMS, Hosting & Web Development :: ePublishing