North Koreans behind nearly half of US tech industry hacks, says CrowdStrike
Key takeaways
- A new report by cybersecurity giant Crowd Strike found North Korean hackers posing as remote IT workers and online recruiters made up about half of all documented hands-on-keyboard intrusions at U.S.
- The company s latest annual report on the cybersecurity landscape highlights the growing threat from North Korean operatives, which have become a significant source of cyber intrusions across the tech industry.
- These attacks generally begin with stolen passwords or credentials, followed by the abuse of legitimate tools already present in the target s systems to maintain persistent access over time.
A new report by cybersecurity giant Crowd Strike found North Korean hackers posing as remote IT workers and online recruiters made up about half of all documented hands-on-keyboard intrusions at U.S. tech companies over the past year.
The company s latest annual report on the cybersecurity landscape highlights the growing threat from North Korean operatives, which have become a significant source of cyber intrusions across the tech industry. Hackers associated with the Kim Jong Un regime continuously target companies and developers with schemes aimed at stealing information and cryptocurrency to fund Pyongyang s nuclear weapons program, which is banned under international law.
CrowdStrike said that during period covered by the report — April 2025 to May 2026 — the North Korean hacking group that the company calls Famous Chollima accounted for 47% of all state-backed activity targeting the tech sector.