North Korea-linked hacker organizations infiltrated about 320 corporations last year under the guise of fake employment.
Global cloud-based cybersecurity corporation CrowdStrike stated in its '2025 Threat Hunting Report', published on the 1st, that North Korea's 'FAMOUS CHOLLIMA' led a large-scale insider attack campaign last year, primarily posing as software developers to gain employment and infiltrate over 320 corporations in North America, Western Europe, and East Asia. This marks a 220% increase compared to the previous year.
The report explained that Chollima automated the entire process of its insider attack program using generative artificial intelligence (AI). Through new tactics such as AI-generated fake resumes, deepfake interviews, and performing technical tasks under false identities, it continuously expanded insider threats.
The report noted that "FAMOUS CHOLLIMA's cyber operations maintained an astonishing level of consistency throughout last year, distributing seven independent malware variations while slightly modifying file download and execution methods to evade detection," adding that "they were one of the most active hacker organizations last year and significantly outpaced operations of affiliated forces from other countries."
According to the report, hackers worldwide weaponized generative AI to carry out faster and broader attacks, and targeted the autonomous AI agents that are reorganizing corporate operations. Notably, there has been an increase in cases where access rights and credentials are stolen in order to distribute malware, particularly targeting AI agent development tools.
In particular, cloud breach attacks increased by 136% compared to the previous year, with 40% led by China-linked attack groups. Specifically, 'Genesis Panda' and 'Murky Panda' exploited cloud configuration errors and trusted access rights to evade detection.
Adam Meyers, senior vice president of intelligence at CrowdStrike, said, "Attackers are accelerating social engineering attacks by misusing generative AI, targeting AI systems that corporations have adopted," adding that "they exploit AI agents in the same way they target Software as a Service (SaaS) platforms, cloud consoles, and privileged accounts."