
North Korean Tech Hacks Target US Industry
According to a recent CrowdStrike report, North Korean hackers are behind nearly half of the cyber intrusions in the U.S. tech industry. These attacks, documented between April 2025 and May 2026, highlight a significant threat posed by hackers associated with the Kim Jong Un regime. The hackers primarily aim to steal information and cryptocurrency, which is then used to fund North Korea’s nuclear weapons program.
Who Are the Hackers Behind These Attacks?
The group identified as “Famous Chollima” is responsible for 47% of state-backed hacking activities targeting the tech sector, as reported by CrowdStrike. These hackers often pose as remote IT workers or online recruiters, using advanced techniques such as AI-generated deepfake images to deceive companies. They apply for jobs under false identities, using stolen credentials to blend in as legitimate employees.
How Do These Hacks Impact Companies?
Once integrated into a company, the hackers steal intellectual property and sensitive corporate information. This activity not only results in financial losses but also compromises the security of corporate data. The stolen data is often used to extort companies, with hackers threatening to expose the information unless a ransom is paid.
What Is the Role of Cryptocurrency in These Hacks?
North Korean hackers also target blockchain developers to steal cryptocurrency. According to the CrowdStrike report, the regime netted approximately $2 billion in stolen crypto during 2025. This stolen cryptocurrency helps the regime circumvent international sanctions and fund its banned nuclear weapons program.
What Measures Are Being Taken to Combat These Threats?
The growing threat from North Korean hackers underscores the need for enhanced cybersecurity measures. Companies are advised to strengthen their security protocols and remain vigilant against phishing schemes that could lead to credential theft. The use of advanced security tools to detect and mitigate these intrusions is critical in protecting sensitive information.
Frequently Asked Questions
What is the Famous Chollima group?
The Famous Chollima group is a North Korean hacking organization responsible for 47% of state-backed cyber intrusions in the U.S. tech sector from April 2025 to May 2026, according to CrowdStrike.
How do North Korean hackers infiltrate companies?
North Korean hackers often pose as remote IT workers, using AI-generated deepfake images and stolen identities to secure jobs within tech companies, where they conduct cyber intrusions.
What is the main goal of these hacks?
The primary goal of these hacks is to steal information and cryptocurrency to fund North Korea’s nuclear weapons program, which is banned under international law.
How significant is the threat from these hacks?
CrowdStrike’s report indicates a significant threat, with North Korean hackers being responsible for nearly half of the documented cyber intrusions in the U.S. tech industry over the past year.
Sources







