CrowdStrike said North Korean hackers posing as remote IT workers and online recruiters accounted for 47% of all state-backed interactive intrusions targeting the technology sector during the period covered by its latest report.
The findings came from CrowdStrike’s 2026 Technology Threat Landscape Report, which covered activity from April 2025 to May 2026. According to TechCrunch, the activity made up about half of all documented “hands-on-keyboard” intrusions at U.S. technology companies over the past year.
Remote IT Worker Schemes
CrowdStrike tracks the North Korean hacking group as Famous Chollima. The group is known for posing as developers, coders, and IT workers before applying for remote jobs at technology companies in the U.S., Europe, and Asia.
The hackers use AI-generated real-time deepfake images to spoof the faces of real people. They also use fraudulent identity documents, including stolen passports and driver licenses, to pose as Americans or other foreign nationals.
North Korea is heavily sanctioned by the West and the United Nations over its continued development of nuclear weapons. CrowdStrike said the remote worker schemes allow operatives to enter companies under false pretenses while also earning salaries that are funneled back to the regime.
How The Intrusions Work
CrowdStrike monitors hands-on-keyboard intrusions because they typically involve real human hackers conducting malicious and evasive activity. These intrusions differ from automated malware, which traditional security tools are more likely to detect.
The attacks often begin with stolen passwords or other credentials. After gaining access, the hackers abuse legitimate tools already present in the target’s systems to maintain access over time.
Once inside a company, the operatives may steal intellectual property and other sensitive corporate information. The stolen information is often used for extortion, with operatives threatening to expose the data unless the company pays a ransom after they are caught.
Crypto Theft And Funding Links
The hackers also target blockchain developers with the intention of stealing cryptocurrency. The Kim Jong Un regime uses stolen crypto to work around its limited access to the Western banking system.
North Korea has obtained billions of dollars in stolen cryptocurrency over the years. The source article said the country stole about $2 billion in crypto during 2025 alone.
CrowdStrike said Famous Chollima accounted for 47% of all state-backed activity targeting the technology sector during the report period. The company said the activity reflects the group’s use of AI-supported identities, remote job schemes, and direct intrusion methods against technology companies.
Featured image credits: Magnific.com
For more stories like it, click the +Follow button at the top of this page to follow us.