North Korean Fake IT Workers Fuel Cyber Intrusions

WASHINGTON: (Web Desk)-A new cybersecurity report from CrowdStrike has revealed that North Korean cyber operatives were behind nearly half of all documented hands-on-keyboard intrusions targeting U.S. technology companies over the past year. The findings highlight a growing threat from hackers linked to the Kim Jong Un regime, who continue to target businesses and software developers to steal sensitive information and cryptocurrency.

According to the report, a North Korean threat group known as “Famous Chollima” was responsible for 47 percent of all state-sponsored cyber activity directed at the technology sector between April 2025 and May 2026. Unlike automated malware attacks, these operations involve human attackers actively infiltrating networks, making them harder to detect and more damaging.

The group typically gains access using stolen credentials and then leverages legitimate tools already present within compromised systems to maintain long-term control. Investigators found that many operatives posed as software engineers, developers, and IT professionals, securing remote positions at technology firms across the United States, Europe, and Asia.

Xi Jinping Visits North Korea To Strengthen Ties

To support their deception, the hackers reportedly used artificial intelligence to generate convincing deepfake images and paired them with stolen identity documents, including passports and driver’s licenses, allowing them to impersonate legitimate job candidates from various countries.

Experts say the scheme is partly driven by international sanctions imposed on North Korea over its nuclear weapons program. Salaries earned from these fraudulent jobs are allegedly redirected to the regime, while the infiltrators also collect intellectual property, confidential corporate data, and other valuable information.

In many cases, stolen data is later used for extortion. When their identities are uncovered, some operatives reportedly threaten to leak sensitive information unless companies agree to pay ransom demands. The group has also focused heavily on blockchain and cryptocurrency-related firms, seeking to steal digital assets that can help North Korea bypass restrictions on the global financial system.

Cybersecurity analysts estimate that North Korean hackers have stolen billions of dollars in cryptocurrency over the years, with approximately $2 billion worth of digital assets reportedly taken during 2025 alone.