
How We Detected a Suspected North Korean IT Worker

Thursday, May 7, 2026 | 10:00 am CST

What happens when a newly hired remote worker isn't who they claim to be?

In August 2025, a suspected North Korea-linked IT worker passed standard hiring checks, completed onboarding, and began operating inside a customer's organization.

LevelBlue SpiderLabs identified anomalous behavior and initiated an investigation. The account was terminated, with no evidence of data exfiltration, persistence, or residual access.

In this session, LevelBlue threat intelligence experts walk through the case and the detection approach used to uncover activity that standard controls can miss. methods to evade controls. Block one path, and another remains active, supported by open directories, staged payloads, and a modular execution flow.
