North Korean hackers have been responsible for approximately 50% of cyberattacks targeting the U.S. tech industry over the past 12 months, according to CrowdStrike. The threat actors pose as remote IT workers and recruiters to infiltrate companies across the U.S., Europe, and Asia.
CrowdStrike's findings reveal a sustained campaign by North Korean threat actors exploiting the remote work environment. The attackers impersonate legitimate IT professionals and recruitment specialists to gain initial access to corporate networks, using social engineering as their primary entry vector.
The tactic sidesteps perimeter-focused defenses: by establishing trust first, whether through a fraudulent job application or a fake recruiter contact, the adversary is granted access rather than having to break in. Once inside, they can move laterally to reach sensitive data or deploy malware.
The scope of North Korean cyber operations extends globally, with organizations in multiple regions affected. U.S. technology companies represent the primary targets, reflecting North Korea's interest in acquiring intellectual property and maintaining operational capabilities amid international sanctions.
CrowdStrike's assessment underscores the persistent threat posed by state-sponsored North Korean actors. Previous campaigns have targeted cryptocurrency exchanges, financial institutions, and defense contractors. The use of social engineering tactics represents an evolution in their approach, relying on human psychology rather than purely technical exploits.
Security experts recommend enhanced vetting procedures for new hires and contractors, particularly those with remote access privileges. Organizations should implement multi-factor authentication, conduct regular security awareness training, and monitor for suspicious account activity.
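The monitoring recommendation above is easier to act on with a concrete check. The script below is an added example, not CrowdStrike's code or anything from the article: it runs two heuristics over constructed SSO/VPN login lines. The log format, the field names, the thresholds (three or more distinct accounts from one source IP within an hour; one account moving between login locations faster than 900 km/h) and the sample data are all assumptions made for this example.

```python
"""Two login-pattern checks relevant to fraudulent remote hires.

Added example with constructed data. The heuristics and thresholds are
illustrative assumptions, not figures from the article or from CrowdStrike.
"""
from collections import defaultdict
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# Constructed sample log: timestamp, account, source IP, latitude, longitude.
# The four accounts on 203.0.113.5 and erin's SF-to-Berlin hop are the planted
# anomalies; the rest is benign filler.
SAMPLE_LOGS = """\
2024-05-01T08:00:00Z alice 203.0.113.5 40.71 -74.01
2024-05-01T08:05:00Z bob 203.0.113.5 40.71 -74.01
2024-05-01T08:09:00Z carol 203.0.113.5 40.71 -74.01
2024-05-01T08:12:00Z dave 203.0.113.5 40.71 -74.01
2024-05-01T09:00:00Z erin 198.51.100.7 37.77 -122.42
2024-05-01T09:30:00Z erin 192.0.2.9 52.52 13.41
2024-05-01T10:00:00Z frank 198.51.100.8 37.77 -122.42
"""


def parse(log_text):
    """Turn the whitespace-separated sample lines into event dicts."""
    events = []
    for line in log_text.splitlines():
        ts, user, ip, lat, lon = line.split()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "user": user,
            "ip": ip,
            "lat": float(lat),
            "lon": float(lon),
        })
    return events


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two lat/lon points."""
    earth_radius_km = 6371.0
    dlat = radians(lat2 - lat1)
    dlon = radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * earth_radius_km * asin(sqrt(a))


def shared_source_ips(events, window_minutes=60, min_accounts=3):
    """Source IPs from which >= min_accounts distinct accounts logged in
    within window_minutes. Returns {ip: sorted account names}.

    Heuristic assumption: several 'remote employees' authenticating from one
    host in a short window is worth an analyst's attention.
    """
    by_ip = defaultdict(list)
    for event in events:
        by_ip[event["ip"]].append(event)

    hits = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        # Sliding window anchored at each event in turn.
        for i, start in enumerate(evs):
            in_window = [e for e in evs[i:]
                         if (e["ts"] - start["ts"]).total_seconds() <= window_minutes * 60]
            users = {e["user"] for e in in_window}
            if len(users) >= min_accounts:
                hits[ip] = sorted(users)
                break
    return hits


def impossible_travel(events, max_speed_kmh=900):
    """Consecutive logins by one account whose implied travel speed exceeds
    max_speed_kmh. Returns a list of (user, ip_before, ip_after, speed_kmh).
    """
    by_user = defaultdict(list)
    for event in events:
        by_user[event["user"]].append(event)

    hits = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        for prev, cur in zip(evs, evs[1:]):
            hours = (cur["ts"] - prev["ts"]).total_seconds() / 3600
            dist = haversine_km(prev["lat"], prev["lon"], cur["lat"], cur["lon"])
            # Same-second logins from two places count as infinitely fast.
            speed = dist / hours if hours > 0 else (float("inf") if dist > 0 else 0.0)
            if speed > max_speed_kmh:
                hits.append((user, prev["ip"], cur["ip"], round(speed)))
    return hits


if __name__ == "__main__":
    evs = parse(SAMPLE_LOGS)
    for ip, users in shared_source_ips(evs).items():
        print(f"shared source {ip}: {', '.join(users)}")
    for user, ip1, ip2, speed in impossible_travel(evs):
        print(f"impossible travel {user}: {ip1} -> {ip2} at ~{speed} km/h")
```

Both checks produce leads, not verdicts: a corporate VPN egress or a shared office NAT will trip the first, and a VPN-with-split-geolocation will trip the second, so the output belongs in an analyst queue alongside the hiring-verification evidence rather than in an automatic lockout.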
The findings highlight growing tensions in the cyber domain, with nation-state actors increasingly targeting private sector infrastructure. As remote work remains commonplace, the threat surface expands for companies unable to thoroughly verify employee and contractor identities before granting network access.
CrowdStrike's data reinforces the need for heightened vigilance across the tech industry and calls attention to the coordinated nature of North Korean cyber operations.
A vulnerability in SimpleHelp remote management software allows unauthenticated attackers to create privileged technician accounts on vulnerable servers. The flaw lies in the server's handling of OpenID Connect (OIDC) authentication.
The Council of Europe is investigating data breach claims made by the ShinyHunters extortion group over the weekend. The breach, if confirmed, would affect Europe's oldest intergovernmental body.
Cisco released security updates for a critical vulnerability in Catalyst SD-WAN Manager (CVE-2026-20262) that attackers exploited to gain root-level access to affected systems.
Three WordPress plugins owned by Awesome Motive were compromised through a breach of the content delivery network that serves their code. OptinMonster, TrustPulse, and PushEngage were all affected in the supply-chain attack.