North Koreans behind nearly half of US tech industry hacks, says CrowdStrike

A caller study by cybersecurity elephantine CrowdStrike recovered North Korean hackers posing arsenic distant IT workers and online recruiters made up astir fractional of each documented “hands-on-keyboard” intrusions astatine U.S. tech companies implicit the past year.

The company’s latest yearly report connected the cybersecurity scenery highlights the increasing menace from North Korean operatives, which person go a important root of cyber intrusions crossed the tech industry. Hackers associated with the Kim Jong Un authorities continuously people companies and developers with schemes aimed astatine stealing accusation and cryptocurrency to money Pyongyang’s atomic weapons program, which is banned nether planetary law.

CrowdStrike said that during play covered by the study — April 2025 to May 2026 — the North Korean hacking radical that the institution calls “Famous Chollima” accounted for 47% of each state-backed enactment targeting the tech sector.

The information elephantine keeps way of hands-on-keyboard intrusions due to the fact that they typically correspond existent quality hackers conducting malicious and evasive cyber activity, alternatively than automated malware that accepted information tools tin catch. These attacks mostly statesman with stolen passwords oregon credentials, followed by the maltreatment of morganatic tools already contiguous successful the target’s systems to support persistent entree implicit time.

Famous Chollima is known for posing arsenic tech workers, specified arsenic developers, coders, and IT, past applying for distant jobs astatine U.S., European, and Asian tech companies nether mendacious pretenses. To propulsion it off, the hackers usage AI to make real-time deepfake images to spoof the faces of existent people, and brace those with fraudulent individuality documents similar stolen passports and driver’s licenses to airs arsenic Americans oregon different overseas nationals. This is due to the fact that North Korea is heavy sanctioned by the West and the United Nations for its ongoing improvement of atomic weapons. 

Once in, the hackers besides gain a wage from the companies they infiltrate, which gets funneled backmost to the North Korean regime, each portion stealing intelligence spot and different delicate firm information. That stolen accusation is often weaponized; erstwhile the operatives are yet caught, they often endanger to exposure what they’ve taken unless the institution pays a ransom.

The hackers besides people blockchain developers with the volition of stealing ample amounts of crypto, which the Kim authorities uses to skirt its wide inability to usage the Western banking system. North Korea has netted billions of dollars successful stolen crypto implicit the years, with immoderate $2 billion during 2025 alone.