CrowdStrike report links North Korean hackers to nearly half of US tech intrusions
8 reported
A new report from cybersecurity firm CrowdStrike found that North Korean hackers posing as remote IT workers and online recruiters were responsible for about half of all documented hands-on-keyboard intrusions at U.S. tech companies over the past year. The report covers the period from April 2025 to May 2026. CrowdStrike stated that the hacking group it calls “Famous Chollima” accounted for 47% of all state-backed activity targeting the tech sector. The hackers use AI-generated deepfake images and fraudulent identity documents to pose as American or other foreign nationals when applying for remote jobs. Once hired, they earn a salary funneled back to North Korea while stealing intellectual property and sensitive corporate information. The stolen information is often used to demand ransoms when the operatives are caught. The hackers also target blockchain developers to steal cryptocurrency, with North Korea netting billions in stolen crypto over the years, including some $2 billion during 2025 alone.
What’s reported
CrowdStrike’s report found North Korean hackers made up about half of all documented hands-on-keyboard intrusions at U.S. tech companies over the past year.
The report covers April 2025 to May 2026.
The group “Famous Chollima” accounted for 47% of all state-backed activity targeting the tech sector.
Hackers pose as remote IT workers using AI deepfakes and fraudulent identity documents.
They earn salaries funneled back to North Korea while stealing intellectual property and sensitive corporate information.
Stolen information is often used to demand ransoms when operatives are caught.
Hackers target blockchain developers to steal cryptocurrency.
North Korea netted some $2 billion in stolen crypto during 2025 alone.
Key figures
CrowdStrike (cybersecurity firm)
Famous Chollima (North Korean hacking group)
Kim Jong Un (mentioned as leader of North Korea)
Sources: TechCrunch
