North Korean Hackers Posing as Remote IT Workers Are Behind Nearly Half of All Tech Firm Cyberattacks, New Report Finds

A new report cited by Forbes finds North Korean operatives posing as remote software developers now account for nearly half of all cyberattacks targeting technology firms, a dramatic escalation of the DPRK's most operationally active threat vector. CrowdStrike has previously confirmed DPRK-linked malicious insider activity at more than 150 customer organizations in 2026, with data theft occurring in roughly half of those cases. The operatives use AI-assisted resume fabrication, stolen U.S. identities, and domestic 'laptop farm' networks to secure and hold remote developer positions before exfiltrating code, credentials, or conducting sabotage.