North Korean Hackers Behind Nearly Half of U.S. Tech Industry Attacks, New Report Warns

• New Report Reveals Massive North Korean Infiltration of Tech Companies
• Fake IT Workers From North Korea Are Breaching U.S. Firms at Alarming Rates
• North Korean Cyber Operatives Exploit Remote Work to Target Tech Industry
• Cybersecurity Firm Warns North Korean Hackers Are Infiltrating Companies Through Hiring Processes
• North Korea’s New Cyber Strategy: Get Hired, Then Hack From Within
• Nearly 50% of Tech Industry Intrusions Traced to North Korean Operatives, Report Finds
• Remote Work Creates New Security Crisis as North Korean Hackers Pose as Developers and Recruiters

North Korean cyber operatives are now responsible for nearly half of all documented cyber intrusions targeting the U.S. technology sector, according to a new report from cybersecurity giant CrowdStrike. The findings highlight a rapidly evolving threat in which hackers pose as remote IT workers and recruiters to infiltrate companies from the inside.

According to CrowdStrike’s latest threat intelligence analysis, North Korean actors accounted for about 50% of all “hands-on-keyboard” attacks against U.S. technology companies over the past 12 months. Unlike traditional cyberattacks that rely on malware or phishing emails, many of these operations involve individuals using fake identities to secure remote employment at targeted firms.

Security researchers say these operatives often pose as software developers, engineers, recruiters, and IT specialists. Once hired, they gain access to corporate systems, sensitive data, source code repositories, and internal communications. In some cases, their salaries are reportedly funneled back to the North Korean government, helping generate revenue for the heavily sanctioned regime.

The report warns that the threat extends far beyond the United States. Companies across Europe and Asia have also been targeted by North Korean operatives seeking remote positions. The rise of remote work and global hiring practices has made it easier for threat actors to conceal their identities and bypass traditional hiring controls.

Cybersecurity experts say the campaign has become increasingly sophisticated. Many applicants use stolen identities, AI-generated profile photos, fabricated work histories, and compromised professional networking accounts to appear legitimate during the recruitment process. Some operations have even relied on so-called “laptop farms,” where devices issued by employers remain physically located in the United States while being remotely accessed from abroad.

CrowdStrike’s findings come amid growing concerns about nation-state cyber threats targeting the technology sector, particularly companies involved in artificial intelligence, software development, semiconductors, cloud services, and other strategic industries. The cybersecurity firm noted that technology companies remain among the most heavily targeted organizations globally.

The warning also follows a series of high-profile incidents linked to North Korean cyber groups. Security researchers have previously connected North Korean actors to cryptocurrency thefts, software supply chain compromises, and large-scale espionage campaigns aimed at generating revenue and collecting intelligence.

Experts are urging organizations to strengthen hiring verification procedures, conduct enhanced identity checks for remote workers, monitor unusual access patterns, and implement zero-trust security controls. Companies are also being encouraged to verify employment histories and watch for inconsistencies in applicant credentials.

As remote work continues to reshape the global technology industry, cybersecurity professionals warn that insider threats fueled by fake identities may become one of the most challenging security risks facing organizations in the years ahead. With North Korean operatives increasingly blending recruitment fraud with cyber espionage, businesses are being urged to treat hiring security as a critical component of their overall cybersecurity strategy.