North Korean Hackers Target US Tech Industry, CrowdStrike Report Reveals
Cybersecurity firm CrowdStrike reported that North Korean hackers, posing as tech professionals, were responsible for nearly half of "hands-on-keyboard" intrusions at U.S. tech companies in the past year. These attacks, attributed to the "Famous Chollima" group, aim to fund Pyongyang's weapons programs by stealing data and cryptocurrency.
Key points
- North Korean hackers accounted for 47% of "hands-on-keyboard" intrusions in the U.S. tech sector between April 2025 and May 2026.
- These operatives impersonated remote IT workers and recruiters to gain access.
- The hacking group, identified as "Famous Chollima" by CrowdStrike, seeks to fund North Korea's nuclear program.
- Attacks typically begin with stolen credentials and leverage existing system tools for persistent access.
- The methods used are designed to evade traditional automated security measures.
Cybersecurity firm CrowdStrike has identified North Korean-backed hackers as a significant threat to the U.S. technology sector. According to its latest annual report, operatives linked to the Kim Jong Un regime were responsible for approximately 47% of all "hands-on-keyboard" intrusions targeting tech companies over the past year, spanning April 2025 to May 2026.
These sophisticated attacks, carried out by a group CrowdStrike dubs "Famous Chollima," often involve hackers posing as remote IT professionals, developers, or recruiters to infiltrate companies. The primary objective is to steal sensitive information and cryptocurrency, which is then used to finance Pyongyang's internationally banned nuclear weapons program. The report highlights that these human-led intrusions are particularly concerning as they are designed to evade automated security systems.
The intrusion method typically starts with the acquisition of stolen passwords or credentials. Once inside a network, the hackers exploit legitimate tools already present on the victim's systems, allowing them to maintain persistent access and conduct their operations discreetly. The widespread nature of these attacks underscores the global cybersecurity challenges posed by state-sponsored hacking groups.
The WireByte editorial team synthesises technology news from multiple primary sources, verifies the facts, and links every source. Articles are produced with AI assistance and reviewed under our editorial policy.