CrowdStrike found that North Korea's Famous Chollima hacking group — posing as remote workers and recruiters — accounted for 47% of all state-backed intrusions at US tech companies from April 2025 to May 2026. Half of all hands-on-keyboard attacks at US tech companies are North Korean.