North Korean hackers behind half of US tech breaches: Report
What's the story
A recent report by cybersecurity firm CrowdStrike has revealed that North Korean hackers made up about half of all documented "hands-on-keyboard" intrusions at US tech companies in the last year. The intrusions were carried out by operatives posing as remote IT workers and online recruiters. The report highlights the growing threat from these state-sponsored cybercriminals in the tech industry.
Cyber strategies
'Famous Chollima' behind attacks
The CrowdStrike report covers the period from April 2025 to May 2026, during which the North Korean hacking group "Famous Chollima" was responsible for 47% of all state-sponsored activity against the tech sector. These attacks usually start with stolen passwords or credentials and then exploit legitimate tools already on the target's systems for long-term access.
Cyber infiltration
Hackers impersonate tech workers to apply for remote jobs
Famous Chollima is known for impersonating tech workers like developers, coders, and IT professionals to apply for remote jobs at US, European, and Asian tech companies. They use AI-generated deepfake images and fake documents like stolen passports/driver's licenses to pass themselves off as Americans or other foreign nationals. Once inside these companies, they steal intellectual property and sensitive corporate information, which is often weaponized against the company unless a ransom is paid.
Crypto theft
Stealing cryptocurrency to fund Kim regime
The hackers also target blockchain developers to steal large amounts of cryptocurrency, which the Kim regime uses to work around its inability to use the Western banking system. North Korea has stolen billions of dollars in cryptocurrency over the years, including some $2 billion in 2025 alone. The stolen funds not only support the regime but are also used as leverage against companies if the hackers are caught stealing sensitive information.