North Koreans behind nearly half of US tech industry hacks, says CrowdStrike

A new report by cybersecurity giant CrowdStrike found North Korean hackers posing as remote IT workers and online recruiters made up about half of all documented “hands-on-keyboard” intrusions at U.S. tech companies over the past year. The company’s latest annual report on the cybersecurity landscape highlights the growing threat from North Korean operatives, which have become a significant source of cyber intrusions across the tech industry.

Hackers associated with the Kim Jong Un regime continuously target companies and developers with schemes aimed at stealing information and cryptocurrency to fund Pyongyang’s nuclear weapons program, which is banned under international law. CrowdStrike said that during the period covered by the report — April 2025 to May 2026 — the North Korean hacking group that the company calls “Famous Chollima” accounted for 47% of all state-backed activity targeting the tech sector.

The security giant keeps track of hands-on-keyboard intrusions because they typically represent real human hackers conducting malicious and evasive cyber activity, rather than automated malware that traditional security tools can catch. These attacks generally begin with stolen passwords or credentials, followed by the abuse of legitimate tools already present in the target’s systems to maintain persistent access over time.

Famous Chollima is known for posing as tech workers, such as developers, coders, and IT staff, then applying for remote jobs at U.S., European, and Asian tech companies under false pretenses. To pull it off, the hackers use AI to generate real-time deepfake images to spoof the faces of real people, and pair those with fraudulent identity documents like stolen passports and driver’s licenses to pose as Americans or other foreign nationals. This is because North Korea is heavily sanctioned by the West and the United Nations for its ongoing development of nuclear weapons.

Once in, the hackers also earn a salary from the companies they infiltrate, which gets funneled back to the North Korean regime, all while stealing intellectual property and other sensitive corporate information. That stolen information is frequently weaponized; when the operatives are eventually caught, they often threaten to expose what they’ve taken unless the company pays a ransom.

The hackers also target blockchain developers with the intention of stealing large amounts of crypto, which the Kim regime uses to skirt its broad inability to use the Western banking system. North Korea has netted billions of dollars in stolen crypto over the years, with some $2 billion during 2025 alone.