CrowdStrike: North Korea Responsible for Half of Cyberattacks on US Tech Sector

According to a new report from cybersecurity giant CrowdStrike, North Korean hackers are responsible for nearly half of all "hands-on-keyboard" cyberattacks against US technology companies. Operating under the guise of remote IT workers and recruiters, these individuals have become the most significant threat in the industry over the past year, reports Techcrunch.com .

CrowdStrike data shows that between April 2025 and May 2026, the North Korean hacking group known as "Famous Chollima" carried out 47% of all state-sponsored activity targeting the tech sector. These groups, linked to the Kim Jong Un regime, aim to steal data and cryptocurrency to fund nuclear weapons programs prohibited by international law.

To achieve their goals, hackers are using AI technologies to create real-time deepfakes. Using stolen passports and driver's licenses, they pose as citizens of the US or other countries to secure remote jobs at major tech companies. This method allows them not only to steal confidential data but also to collect salaries and funnel them to the Pyongyang regime.

Once inside a system, hackers often blackmail companies in addition to stealing intellectual property, threatening to leak stolen data if payment is not made. They also target blockchain developers to steal cryptocurrencies, bypassing the Western banking system. Reports indicate that North Korea stole nearly $2 billion in cryptocurrency in 2025 alone.