North Korea accounts for almost half of all attacks against tech industry – and the proceeds go straight into developing new weapons of mass destruction for the Hermit Kingdom


  • North Korea is responsible for almost half of tech sector cyber intrusions
  • IT worker campaigns are hard to spot thanks to AI enhancement
  • The funds are being used to help develop new WMDs

A new CrowdStrike report has found nearly half (47%) of state-sponsored attacks against US tech companies came from a single North Korean group.

The group, tracked as Famous Chollima, has launched a string of fake IT worker schemes that use AI tools to enhance the personas of applicants.

The funds from successful intrusions are a welcome addition to the nation’s highly industrialized economy, and are subsequently used to develop and procure weapons of mass destruction for Kim Jong Un’s regime.

IT salaries paid to develop nukes

North Korea has long relied on cyber activity as a source of funds, with sanctions against the country and a closed economy resulting in it being dubbed the ‘Hermit Kingdom’.

Reports of North Korea sneaking into businesses via IT worker applications have been widespread, but the scale of North Korea’s cyber activity has not been fully understood, until now.

The tiny country with its highly developed cyber-arm has a number of notorious groups, such as the Lazarus Group, but many of the IT worker attacks have been attributed to Famous Chollima.

The group conducts its activities by applying for remote tech jobs at western tech firms. They use AI tools to generate new personas, including images, which are then tied to stolen documents such as passports and driving licenses in order to pose as nationals of their target country.

If successful, the job provides the fake worker with a salary that is often thousands of times higher than that of the average North Korean, with the funds being appropriated by the state. The workers also steal intellectual property and secrets from the companies they work for, using them to advance the regime’s own tech industry or to launch further attacks against their employer.

Upon being exposed, many of the workers will threaten to reveal their identity unless they are paid a fee, which the company could pay in order to avoid the negative effects of having hired a sanctioned individual.




Benedict Collins
Senior Writer, Security
