Estimated reading time: 4 minutes
Chollima: Culture, Symbol, and Global Reach –
There are reports today that North Korea is engaged in an AI modernization of its military. The reporting includes these apparent orders: “make plans to build AI-based manned and unmanned multipurpose combat systems.” With that and constant talk of fake IT workers tied to North Korea, and artificial intelligence (AI) being used to supercharge cybercrimes, we revisited CrowdStrike’s 2025 Global Threat Report and reexamined elements relating to FAMOUS CHOLLIMA, the North Korean cyber threat.
Chollima: Culture, Symbol, and Global Reach
Chollima is a legendary winged horse in Korean mythology. It symbolizes speed and remarkable ability. Legend says it can travel 400 kilometers in a day. North Korea adopted Chollima as a national symbol and a statue of the mythical creature in North Korea’s capital, Pyongyang. The metaphor fits the cyber operation’s global tempo and the very real danger posed by FAMOUS CHOLLIMA. It moves fast, spans continents, and seeks profit.
CrowdStrike’s 2025 Global Threat Report
CrowdStrike’s 2025 Global Threat Report spotlights identity-driven attacks and shrinking response windows. The report highlights GenAI as an operational accelerant. The researchers profile FAMOUS CHOLLIMA with clarity and urgency. In the last 12 months, FAMOUS CHOLLIMA insiders infiltrated over 320 companies, a 220% year-over-year increase.
Who Is DPRK?
DPRK stands for the Democratic People’s Republic of Korea, aka North Korea. The regime remains cash-strapped. North Korea has long used digital crime for hard currency. State units blend espionage and revenue generation on shared tasking.
FAMOUS CHOLLIMA: Tradecraft and Branding
FAMOUS CHOLLIMA pursues insider access through remote hiring schemes. Operatives pose as contractors and employees with valid credentials. Google Gemini and OpenAI have reported that North Korea’s “IT workers” have “abused” the tools to write cover letters and resumes.
One Minute Watch – Deepfakes, Fake Workers & Impersonation Threats
GenAI as a Force Multiplier
North Korean operators apply GenAI to craft resumes and ace interviews. They automate emails, code snippets, translations, and meeting notes. Proxy networks and laptop farms hide location and scale operations. The playbook expands North Korea’s reach across time zones. The CrowdStrike report notes that it is “highly likely” GenAi will continue to “facilitate success.”
Crowdstrike also notes it is “very likely” that it uses deepfake technology to “mask…true identities” in video interviews. Additionally, the deepfake tech could allow a single person to interview for the same position numerous times.
Get The Cyber Insurance News Upload Delivered
Every Sunday
Subscribe to our newsletter!
You’re Hired
Once a position is gained, the GenAI tools are helpful in the same way they might help a legitimate employee. But they are instrumental in overcoming language barriers, as it’s likely that North Koreans are not fluent in English. Crownstrike notes it is entirely possible that a single operative can work three or four jobs at the same time.
Defender To-Dos
- Strengthen hiring safeguards by verifying candidate backgrounds and confirming the authenticity of professional profiles.
- Protect interview and assessment processes with measures that detect and deter deepfake attempts.
- Enhance remote access protections to ensure only trusted users and devices can connect to corporate systems.
- Control the use of external devices to prevent unauthorized access to company data.
- Monitor internal communications for unusual activity that may indicate misuse or hidden agendas.
- Equip managers and IT leaders with training to recognize early warning signs of insider threats, including those enabled by AI.
GenAI tools help attackers once they gain a position, just as they would help a legitimate employee. But like any mask, the illusion eventually slips. CrowdStrike’s report shows defenders the seams. The deepfakes glitch. The resumes crack. The payroll trails reveal too much.
It’s a cyber version of John Woo’s Face/Off: the chase to rip away the disguise and see who’s really underneath. And just as in the movie, the stakes aren’t just personal, they’re global.
Related Posts
