A new report by cybersecurity giant CrowdStrike found that North Korean hackers posing as remote IT workers and online recruiters accounted for about half of all documented hacks at US tech companies in the past year.
The company's latest annual report on the cybersecurity landscape highlights the growing threat from North Korean operatives, who have become a major source of cyber intrusions into the technology industry. Hackers linked to the Kim Jong Un regime are constantly targeting companies and developers with schemes to steal information and cryptocurrency to fund Pyongyang’s nuclear weapons program, which is banned under international law.
CrowdStrike said that during the period covered by the report – April 2025 to May 2026 – the North Korean hacking group it calls “Famous Chollima” accounted for 47% of all state activity targeting the technology sector.
The security giant tracks hands-on-keyboard hacks because they typically represent real human hackers conducting malicious and evasive cyber activity, rather than automated malware that can be caught by traditional security tools. These attacks generally begin with stolen passwords or credentials, followed by abuse of the legitimate tools already in place on the target’s systems to maintain persistent access over time.
Famous Chollima is known for impersonating tech workers such as programmers, coders and IT staff, and then applying for remote jobs at tech companies in the US, Europe and Asia under false pretenses. To accomplish this, hackers use artificial intelligence to create deepfake images in real time to spoof the faces of real people and combine those with fake IDs like stolen passports and driver’s licenses to pose as Americans or other foreign nationals. They hide their origin because North Korea is under severe sanctions from the West and the United Nations for its continued development of nuclear weapons.
Once inside, the hackers also earn a salary from the companies they infiltrate, which is funneled back to the North Korean regime, while stealing intellectual property and other sensitive corporate information. This stolen information is often weaponized. When the agents are finally caught, they often threaten to reveal what they’ve taken unless the company pays a ransom.
Hackers are also targeting blockchain developers with the intention of stealing large amounts of cryptocurrency, which the Kim regime uses to get around being largely shut out of the Western banking system. North Korea has made billions of dollars in stolen cryptocurrency over the years, with an estimated $2 billion in 2025 alone.
