North Korean cyber operatives were responsible for nearly half of all state-backed intrusions targeting the technology sector over the past year, according to a new report released by cybersecurity company CrowdStrike. The findings highlight the growing threat posed by hackers linked to the isolated nation, who are increasingly using fake identities to infiltrate companies.
CrowdStrike report found that a North Korean hacking group known as "Famous Chollima" accounted for 47 per cent of all state-sponsored activity targeting technology firms between April 2025 and May 2026. The group is known for posing as software developers, coders and IT professionals in order to secure remote jobs at companies across the United States, Europe and Asia.
TechCrunch reported that the hackers use stolen identities, fraudulent documents and AI-generated deepfake images during recruitment processes. These tactics allow them to pass interviews and gain access to corporate systems while appearing to be legitimate employees. Once hired, they can access sensitive information and intellectual property.
CrowdStrike said the operatives not only collect salaries that are allegedly funnelled back to the North Korean regime, but also steal confidential data and, in some cases, demand ransom payments after being discovered. The company noted that these attacks are particularly dangerous because they involve real individuals operating within trusted systems rather than relying solely on automated malware.
TechCrunch also noted that blockchain developers remain a key target. Cybercriminals linked to North Korea have repeatedly sought to steal cryptocurrency, providing the regime with an alternative source of revenue amid international sanctions. Reports suggest billions of dollars in digital assets have been stolen in recent years.
The report serves as a warning for companies worldwide to strengthen hiring checks, identity verification measures and cybersecurity defences as increasingly sophisticated cyber threats continue to evolve.
