North Korean Hacking Group FAMOUS CHOLLIMA Behind Nearly Half of State-Sponsored Tech Company Attacks, CrowdStrike Reports
A North Korean-backed hacking group called FAMOUS CHOLLIMA accounted for 47% of all state-sponsored hands-on-keyboard cyberattacks targeting tech companies globally between April 2024 and March 2025, according to CrowdStrike's annual report. The group posed as fake IT workers to infiltrate remote developer positions, then deployed malware and stole cryptocurrency from blockchain developers. The findings highlight growing concerns about North Korean cyber capabilities and the use of AI to enhance attack sophistication.
CrowdStrike's annual cybersecurity report identified FAMOUS CHOLLIMA, a North Korean-backed hacking unit, as responsible for 47% of all state-sponsored hands-on-keyboard intrusions targeting tech companies across North America, Europe, and Asia during the April 2024 to March 2025 period. The group exploited the surge in remote work positions by posing as fake IT workers, targeting software developer roles specifically. After gaining access, they deployed malware and stole cryptocurrency from blockchain developers. CrowdStrike noted that the hackers benefited from North Korea's education system producing skilled IT workers and the significant salary differential between North Korean earnings and remote tech positions. The U.S. coordinated a campaign against FAMOUS CHOLLIMA's operations with 15 other governments. The report also warned that AI development has accelerated hacking capabilities in sophistication, scale, and speed, with FAMOUS CHOLLIMA leveraging AI to enhance their effectiveness.
What's missing
The article does not provide specific details about the detection methods used to attribute these attacks to FAMOUS CHOLLIMA or discuss the reliability of attribution in cyberattacks. Additionally, there is limited information about the actual financial impact or number of companies affected by these intrusions.
How coverage differed
Forbes presented the story factually based on CrowdStrike's report findings, emphasizing both the immediate threat and broader context about North Korean revenue generation for weapons programs. The framing balanced technical details with policy implications without sensationalizing the threat.
What different sources said
- Forbes (Center): North Korean Hackers—Posing As Fake IT Workers—Behind Nearly Half Of All Tech Firm Attacks, Report Says