North Korean operatives have intensified their search for technical jobs at foreign companies, which has led CrowdStrike to handle nearly one incident response case per day over the past year. According to the company’s annual threat hunting report, the activity of the group known as Chollima has increased by 220% in the last 12 months.
A Growing Threat
Adam Meyers, senior vice president of adversary operations, said during a press conference that these technical specialists have managed to infiltrate the workforces of Fortune 500 companies and small and medium-sized organizations worldwide. CrowdStrike’s investigations documented more than 320 incidents in which North Korean operatives obtained remote employment as IT workers in the period ending June 30.
The problem extends beyond the United States: the group has expanded its operations into Europe, Latin America, and other regions, sending the wages it earns back to Pyongyang. To sustain this growing activity, the operatives use generative artificial intelligence tools to write resumes, forge identities, get through job interviews, and carry out the technical work once hired.
Meyers also reported that malicious activity has evolved significantly, with a 27% increase in manual intrusions, 81% of which did not involve malware. Of these intrusions, 73% were attributed to cybercrime. CrowdStrike has identified 14 new threat groups in the last six months and now tracks more than 265 adversary groups in total.
The geopolitical landscape of cybersecurity is becoming increasingly complex as more countries seek to develop offensive cyber espionage capabilities, and the threat from North Korean operatives continues to evolve and spread.