A new report by cybersecurity giant CrowdStrike has revealed that North Korean hackers make up nearly half of all documented intrusions into the U.S. tech industry, posing as remote IT workers and online recruiters.

The company found that during a year-long period, from April 2025 to May 2026, the 'Famous Chollima' hacking group accounted for 47% of state-backed cyber attacks targeting technology firms. These attackers use sophisticated means such as stolen identities and deepfake images to blend in.

To infiltrate companies, the hackers often apply for remote tech jobs under false pretenses, earning salaries that get redirected to Pyongyang while they stealthily steal sensitive information. They also target blockchain developers to siphon cryptocurrencies, with North Korea netting billions through these illicit means.

The report highlights a significant threat from North Korean operatives, whose cyber activities are funded by the regime’s nuclear weapons program, which is internationally banned. This underscores the complex global challenges in cybersecurity and the ongoing need for vigilance against state-sponsored threats.