Cyber-security company CrowdStrike says state-sponsored North Korean operatives are increasingly posing as remote IT contractors, infiltrating hundreds of businesses and funnelling their salaries to Pyongyang. In its 2025 Threat Hunting Report released at Black Hat in Las Vegas, the firm said it investigated more than 320 such incidents during the year to 30 June, a 220% jump from the prior 12 months. The operatives—tracked by CrowdStrike as “Famous Chollima”—rely heavily on generative artificial-intelligence tools to automate every stage of their deception. AI models draft résumés, generate synthetic profile photos, translate technical tests and power real-time deepfake video feeds that let a single individual attend multiple job interviews under different identities. Once hired, the workers can juggle three or four jobs simultaneously while siphoning corporate data that may later be sold or used for extortion. Victim organisations range from US crypto start-ups to European and Latin American technology firms, exposing them not only to data theft but also to potential sanctions violations for indirectly funding North Korea’s weapons programmes. CrowdStrike warns that AI-powered attacks are widening the enterprise attack surface and recommends employers adopt stronger identity-verification processes, deepfake-detection challenges and continuous monitoring of non-human identities.
The Pros and Cons of AI for Cybersecurity https://t.co/4JBSjKaCkO
'Hacking' groups of the North Korean regime exploit AI to slip into companies without being detected https://t.co/htxhDH3dBS
At @BlackHatEvents, concerns over security for applications built with #AI are being addressed more directly than in prior years with @owasp’s GenAI Security Project now playing a central role. #cybersecurity #infosec #ITsecurity #BHUSA https://t.co/jctWRbWyWt