CrowdStrike Investigated 320 North Korean IT Worker Cases In the Past Year (cyberscoop.com) 11
An anonymous reader quotes a report from CyberScoop: North Korean operatives seeking and gaining technical jobs with foreign companies kept CrowdStrike busy, accounting for almost one incident response case or investigation per day in the past year, the company said in its annual threat hunting report released Monday. "We saw a 220% year-over-year increase in the last 12 months of Famous Chollima activity," Adam Meyers, senior vice president of counter adversary operations, said during a media briefing about the report. "We see them almost every day now," he said, referring to the North Korean state-sponsored group of North Korean technical specialists that has crept into the workforce of Fortune 500 companies and small-to-midsized organizations across the globe.
CrowdStrike's threat-hunting team investigated more than 320 incidents involving North Korean operatives gaining remote employment as IT workers during the one-year period ending June 30. CrowdStrike researchers found that Famous Chollima fueled that pace of activity with an assist from generative artificial intelligence tools that helped North Korean operatives maneuver workflows and evade detection during the hiring process. "They use generative AI across all stages of their operation," Meyers said. The insider threat group used generative AI to draft resumes, create false identities, build tools for job research, mask their identity during video interviews and answer questions or complete technical coding assignments, the report found. CrowdStrike said North Korean tech workers also used generative AI on the job to help with daily tasks and manage various communications across multiple jobs -- sometimes three to four -- they worked simultaneously.
Threat hunters observed other significant shifts in malicious activity during the past year, including a 27% year-over-year increase in hands-on-keyboard intrusions -- 81% of which involved no malware. Cybercrime accounted for 73% of all interactive intrusions during the one-year period. CrowdStrike continues to find and add more threat groups and clusters of activity to its matrix of cybercriminals, nation-state attackers and hacktivists. The company identified 14 new threat groups or individuals in the past six months, Meyers said. "We're up to over 265 named adversary groups that we track, and then 150 what we call malicious activity clusters," otherwise unnamed threat groups or individuals under development, Meyers said.
CrowdStrike's threat-hunting team investigated more than 320 incidents involving North Korean operatives gaining remote employment as IT workers during the one-year period ending June 30. CrowdStrike researchers found that Famous Chollima fueled that pace of activity with an assist from generative artificial intelligence tools that helped North Korean operatives maneuver workflows and evade detection during the hiring process. "They use generative AI across all stages of their operation," Meyers said. The insider threat group used generative AI to draft resumes, create false identities, build tools for job research, mask their identity during video interviews and answer questions or complete technical coding assignments, the report found. CrowdStrike said North Korean tech workers also used generative AI on the job to help with daily tasks and manage various communications across multiple jobs -- sometimes three to four -- they worked simultaneously.
Threat hunters observed other significant shifts in malicious activity during the past year, including a 27% year-over-year increase in hands-on-keyboard intrusions -- 81% of which involved no malware. Cybercrime accounted for 73% of all interactive intrusions during the one-year period. CrowdStrike continues to find and add more threat groups and clusters of activity to its matrix of cybercriminals, nation-state attackers and hacktivists. The company identified 14 new threat groups or individuals in the past six months, Meyers said. "We're up to over 265 named adversary groups that we track, and then 150 what we call malicious activity clusters," otherwise unnamed threat groups or individuals under development, Meyers said.
US Intelligence Asset? (Score:2, Insightful)
when you need to AI to draft resumes to get past t (Score:2)
when you need to AI to draft resumes to get past the filters does HR just give up when they only see junk resumes or are clue less to the fact that some with 10+ years in 8 differnt pices of software is likely faking it.
We've got this covered (Score:2)
It's painfully obvious (Score:2)
I really wish the left wing in America could actually address the problems the working class face. If I bring up the fact that the education opportunities my kid needs to move up in the world have been taken away but that the same opportunities continue to be made available to foreign students I get called racis
Re: (Score:3)
When someone says 'painfully obvious', they are often wrong. I suspect you are getting your info from social media, and believing the lies foreign propaganda has been telling you.
Education opportunities: less than 1% of students in America are non-residents. (https://nces.ed.gov/fastFacts/display.asp?id=98) and 94% are American citizens. (https://www.npr.org/2025/06/07/nx-s1-5423535/international-students-college-data-breakdown) Note, this article is complaining about how it is has 'skyrocketed' from
Simple solution: (Score:5, Insightful)
There is an obvious solution to this problem: after you have selected a candidate to hire, simply pay for them to come in for a final in-person greeting. If that doesn't work for you because you are trying to get someone for the absolute least amount of money then you have identified the core problem.
In-person interviews? (Score:2)
Now it's starting to make sense (Score:2)
It was the North Koreans who caused all those BSODs!
US Face of the NORK IT workers gets 8 year sentenc (Score:2)
https://www.theguardian.com/us... [theguardian.com]