How a North Korean Fake IT Worker Tried to Infiltrate Us
Briefly

The EDR software detected it and alerted our InfoSec Security Operations Center. The SOC called the new hire and asked if they could help. That's when it got dodgy fast. We shared the collected data with Mandiant, a leading global cybersecurity expert, and the FBI, to corroborate our initial findings.
It turns out this was a fake IT worker from North Korea. The picture you see is an AI deepfake that started out with stock photography.
On July 15, 2024, a series of suspicious activities was detected on the user beginning at 9:55 pm EST. When these alerts came in, KnowBe4's SOC team reached out to the user to inquire about the anomalous activity and possible cause. XXXX responded to the SOC that he was following steps on his router guide to troubleshoot a speed issue and that it may have caused a compromise.
Read at KnowBe4