A new report from cybersecurity firm CrowdStrike has revealed that North Korean hackers masquerading as remote IT professionals and online recruiters were responsible for nearly half of all documented hands-on-keyboard cyber intrusions targeting United States technology companies over the past year.
In its latest annual assessment of the global cybersecurity landscape, CrowdStrike noted the increasing threat posed by North Korean cyber operatives, whose activities have become a major source of security breaches across the technology sector.
According to the report, hackers linked to the regime of North Korean leader Kim Jong Un continue to target companies and software developers in campaigns designed to steal sensitive information and cryptocurrency.
The proceeds are believed to help finance Pyongyang’s nuclear weapons programme, which is prohibited under international sanctions.
CrowdStrike said that between April 2025 and May 2026, the North Korean threat group it tracks as “Famous Chollima” was responsible for 47 per cent of all state-sponsored cyber activity directed at the technology industry.
The company monitors hands-on-keyboard intrusions because they involve real attackers actively conducting sophisticated and evasive operations, unlike automated malware attacks that can often be detected and blocked by conventional security tools.
Such breaches typically begin with stolen login credentials, after which attackers exploit legitimate software and system tools to maintain long-term access to targeted networks.
Famous Chollima is particularly known for posing as software developers, coders, and IT specialists to secure remote jobs at technology firms in the United States, Europe, and Asia.
To support these schemes, the group reportedly uses artificial intelligence to create real-time deepfake images and combines them with fraudulent identity documents, including stolen passports and driver’s licences, to impersonate Americans and other foreign nationals.
North Korea remains subject to extensive sanctions imposed by Western nations and the United Nations over its continued pursuit of nuclear weapons and ballistic missile programmes.
After securing employment within targeted firms, the operatives earn salaries that are allegedly channelled back to the North Korean government.
At the same time, they collect intellectual property, proprietary data, and other sensitive corporate information.
The stolen material is often later used for extortion, with the operatives threatening to leak or expose the data unless the affected company agrees to pay a ransom
