CrowdStrike's 2025 Threat Hunting Report reveals that North Korean operatives have infiltrated over 320 companies across the US, Europe, and other regions by posing as remote IT workers. These operatives used artificial intelligence to create deepfake interviews and forged resumes to secure remote jobs, facilitating access to corporate systems. The operation involved the use of stolen identities and approximately 90 laptops, generating an estimated $17 million in illicit revenue, which is allegedly funneled into North Korea's nuclear weapons program.

Additional investigations uncovered detailed job-planning documents, including spreadsheets and Slack messages, highlighting the extensive surveillance and coordination within the group. Thousands of North Korean coders working abroad reportedly generate hundreds of millions of dollars annually for the sanctioned regime.

Separately, scammers using fake Ethereum trading bots on YouTube have stolen over $900,000, illustrating broader cybercrime trends linked to cryptocurrency theft.

Fake Ethereum trading bots on YouTube help scammers steal over $900K https://t.co/RVEs4hcRpg
Each year, thousands of North Korean coders working abroad bring in hundreds of millions of dollars, sending money back to the sanctioned nation. Now, an apparent huge new trove of data sheds new light on how the operation is run. https://t.co/3odoJVPcL2
Spreadsheets, Slack messages, and files linked to an alleged group of North Korean IT workers expose their meticulous job-planning and targeting—and the constant surveillance they're under. https://t.co/dv9Nby6gch