'Famous Chollima' behind almost half state-backed cyberattacks on US tech
North Korean hackers, known as "Famous Chollima" in CrowdStrike's report, were behind almost half of all state-backed cyberattacks on US tech companies over the past year, says a new CrowdStrike report.
Their goal? Steal sensitive data and crypto to help fund North Korea's nuclear program.
Deepfakes used to steal crypto
These hackers got creative, using AI-generated deepfake images and fake documents to pose as remote workers and land jobs at tech firms in the US Europe, and Asia.
Once inside, they stole company secrets and targeted blockchain developers, North Korea netted some $2 billion in stolen crypto during 2025 alone.
The stolen funds didn't just support their regime. When caught, they often threaten to expose what they've taken unless the company pays a ransom.