North Korean operatives infiltrate half of US tech sector in cyber blitz

The hacking group identified as Famous Chollima drove this surge between April 2025 and May 2026. By assuming the identities of developers and coders, these actors secure legitimate remote positions at global firms. Once embedded, they utilize existing corporate tools to maintain persistent access, effectively weaponizing the company’s internal infrastructure against itself. This human-led approach allows them to evade standard malware detection systems that rely on automated patterns.

Beyond simple data theft, the infiltration serves a dual financial purpose. Operatives collect salaries that are funneled directly to the Kim Jong Un regime, while simultaneously extracting intellectual property to hold for ransom. The group also maintains a relentless focus on blockchain developers to siphon cryptocurrency. With an estimated $2 billion in illicit digital assets generated in 2025 alone, these cyber operations have become a primary mechanism for North Korea to bypass international sanctions and finance its nuclear weapons program.