North Koreans behind nearly half of US tech industry hacks, CrowdStrike report says

Cybersecurity firm CrowdStrike published its annual threat report this week and a single headline dominated the opening page. According to TechCrunch, the report says 46% of targeted cyber attacks on the US tech industry came from North Korea-linked actors.
The figure marks a clear jump from 31% the previous year. CrowdStrike attributes the increase to two factors: sanctions, and the prospect of revenue from sensitive chips, AI models and labour-market data, which together have created a strong external incentive.
The activity types go beyond classic malware delivery. The report says the fastest-growing channel is fake remote-work applications. North Korean operators apply to US tech firms as developers under false identities.
Once hired, the goal is access to sensitive code, internal API keys and customer data as a legitimate user. The monthly salary is an extra revenue stream for Pyongyang; the stolen data and access form a strategic asset for intelligence and infiltration.
The actors identified by CrowdStrike include Famous Chollima, Velvet Chollima and Lazarus Group. The three groups display clear division of labour: one runs hiring infiltration, one cryptocurrency theft and one supply-chain attacks.
TechCrunch flagged one of the report's most concrete recommendations: mandatory identity verification in hiring. Current remote hiring is largely limited to video interviews and LinkedIn checks, neither of which holds up against a determined actor.
The financial impact gets its own section. The report says US tech firms recorded $2.8 billion in direct losses and incident response costs from North Korea-linked attacks last year.
Evidence from the UN Sanctions Panel points the same way. The panel had previously assessed that a significant share of the regime's cash income comes from cyber operations, and put the combined annual income from crypto exchange attacks and fake employment channels in the range of $1.2 to $1.7 billion.
The US Department of Justice and FBI have announced multiple operations to dismantle fake employment networks in recent months. The report recommends, as the next step, standardising employer-side identity verification through federal coordination.
Vesper covers tech and security news for information only. For specific defensive strategies, consult your organisation's information security team.
