News

North Korean Hackers Behind Nearly Half of U.S. Tech Attacks, says CrowdStrike

Blog
/
News
/
CrowdStrike says North Korean hackers are behind a major share of U.S. tech breaches
Tobi Active
June 12, 2026
·
1
mins read

A new cybersecurity report from CrowdStrike says North Korean hackers are responsible for a large share of recent cyberattacks targeting U.S. tech companies. The firm found that these actors, often posing as remote IT workers or job applicants, accounted for about 47% of state-linked hacking activity aimed at the tech industry over the past year.

The report covers activity between April 2025 and May 2026 and highlights a growing trend of North Korean cyber operations focused on infiltrating companies rather than directly attacking them from the outside. CrowdStrike describes this type of attack as “hands-on-keyboard” activity, where real hackers actively control systems after gaining access instead of relying only on automated malware.

According to the report, these hackers often enter companies by pretending to be legitimate remote employees. They apply for jobs as developers, engineers, or IT support staff at firms in the United States, Europe, and Asia. To make their identities more convincing, they use artificial intelligence tools to generate realistic images and combine them with stolen or fake identity documents.

Once hired, they gain access to internal systems while also collecting a salary, which is later funneled back to the North Korean government. At the same time, they steal sensitive corporate data, including intellectual property and software code, which can be used for financial gain or strategic advantage.

CrowdStrike says these operations are not only about spying but also about funding North Korea’s broader political and military goals, including its nuclear weapons program, which is subject to international sanctions. The stolen funds are often converted into cryptocurrency, helping the regime bypass restrictions on global banking systems.

The report also notes that blockchain and crypto-related developers are frequent targets, as they handle valuable digital assets. In some cases, attackers have stolen large sums of cryptocurrency, with estimates suggesting billions of dollars have been taken over recent years, including a significant amount in 2025 alone.

Cybersecurity experts warn that these schemes are becoming more sophisticated, blending social engineering, AI-generated identities, and long-term infiltration tactics. This makes detection harder and increases the risk for companies relying heavily on remote workers in the global tech industry.

Stories worth your time, 
every single day

Covering entertainment, tech, business, luxury, politics, and everything in between all in one place.