North Korea's cyber operations have been exposed in a new report. CrowdStrike found that North Korean hackers masquerading as remote IT workers and online recruiters are behind roughly half of all documented cyber intrusions at U.S. tech companies over the past 12 months.
These operatives use AI-generated deepfake videos to spoof real people's faces, pair them with stolen passports and driver's licenses, and apply for jobs at major American, European, and Asian tech firms under false identities. Once hired, they earn a salary—which gets wired straight back to Kim Jong Un's regime.
The hacking group CrowdStrike calls "Famous Chollima" accounted for 47% of all state-backed activity targeting the tech sector between April 2025 and May 2026. These are real humans conducting sophisticated, evasive cyber operations from inside company networks.
The operatives use stolen passwords and abuse legitimate corporate tools to conduct full-blown extortion. When caught, the hackers threaten to leak the intellectual property and sensitive data they've stolen unless companies pay massive ransoms.
Blockchain developers are prime targets for cryptocurrency theft. North Korea netted $2 billion in stolen cryptocurrency during 2025 alone. That sum is the regime's workaround to bypass Western sanctions that keep it locked out of the global banking system.
Silicon Valley faces an escalating cyber threat.
