Catching a North Korean Hacking Attempt

Agency received intel suggesting that one of our clients was the victim of an employment identity fraud scam with potential ties to the government of North Korea. Once we became aware of the fraud attempt, we immediately contacted our client to arrange a live Zoom meeting. The meeting took place minutes later. Automation flagged the anomaly — but it took our U.S.-based engineers in NYC to confirm the threat, evict the attacker, and get the business running again. This is what happens beyond automation: judgment, executed by a real team.

About the Company

This client is a successful late-stage VC-backed software company. We provide them with MDR, insider risk, compliance, cloud, and 24/7 application security.

Key Challenges

Our monitoring detected the anomaly — but a tool can only raise a flag. Agency's engineers, working on top of the client's existing stack and alongside CrowdStrike Overwatch, made the call and acted. The signal was a company device exhibiting behavioral patterns that resembled those of similar identity fraud scams linked to North Korea — including the device fingerprint and the networks it was connected to, along with an external VPN.

Transforming Security and Compliance

Alongside our threat-hunting partner Crowdstrike Overwatch, we were able to confirm that the individual device was on the same network as known North Korean criminal hacking groups linked to stealing money from companies. We immediately activated incident response– evicting the user, collecting forensic evidence, and coordinating with law enforcement to assess potential damage. We helped the client change the credentials for all of their infrastructure services in synchrony, so the employee thought to be committing identity fraud would not be able to access any resources and thoroughly reviewed the client's infrastructure logs to find any potentially malicious changes.

Results

Agency made sure that the user was unable to steal any of the company's data, protecting their privacy and brand while allowing them to go back to running their growing business as before.

Custom Security To Protect Your Most Critical Threat Surface

Your security and compliance team, without the headcount. U.S.-based forward-deployed engineers, supercharged by proprietary AI, operate your program end-to-end — on top of the tools you already trust. Automation ends where judgment begins.

Assemble Your GRC Team