A single North Korean state-sponsored hacking group was responsible for 47% of all hands-on-keyboard intrusions in the technology sector over the last year, according to a new report from cybersecurity firm CrowdStrike. The report, which covers activity from April 2025 to March 2026, identifies the group as FAMOUS CHOLLIMA and highlights the tech sector as the most targeted industry by both state-backed and financially motivated cybercriminals.
The primary method used by these operatives involves elaborate social engineering schemes, where they pose as legitimate remote IT workers or software developers to gain employment and internal network access. This allows for intelligence gathering, intellectual property theft, and funneling salaries back to the North Korean regime. The U.S. government has been actively working with international partners to counter these operations.