CrowdStrike’s latest Threat Report includes new information about China’s increased targeting of North American telecommunications companies, Russia’s continued efforts to support its invasion of Ukraine with cyberespionage, and other trends the security firm witnessed from July 2024 to June 2025. (Presumably excluding the period during which a faulty update to its software brought down global infrastructure.) But of particular interest is the sheer scale of North Korea’s AI-supported tech worker schemes. The company said that in the last 12 months, it has “investigated over 320 incidents where [North Korean] operatives obtained fraudulent employment as remote software developers” and that the hackers have “been able to sustain this pace by interweaving GenAI-powered tools that automate and optimize workflows at every stage of the hiring and employment process.” Resumes? Fake. Social accounts? Fake. The person shown during a video call, the headshots, the messages they send? Fake, fake, fake. “Once hired, [these] workers use GenAI code assistants [and] translation tools to assist with daily tasks and correspondence related to their legitimate job functions,” CrowdStrike said. “Though an average employee may use GenAI in a similar manner, these tools—especially those enabling English-language communication—are especially crucial [to this group]. These operatives are not fluent in English, likely work three or four jobs simultaneously, and require GenAI to complete their work and manage and respond to multiple streams of communication.”

Full report : CrowdStrike investigated 320 North Korean IT worker cases in the past year.