CrowdStrike 2026 Financial Services Threat Landscape Report: North Korean Adversaries Steal Billions in Digital Assets
CrowdStrike has released the '2026 Financial Services Threat Landscape Report'. It reveals that North Korea-nexus actors exploited AI to steal approximately $2.02 billion in digital assets in 2025, and highlights a 43% global surge in hands-on-keyboard attacks against financial institutions, alongside expanding Chinese cyber espionage.
Published: May 25, 2026 at 20:00
*This is a summary translation of a press release announced in the United States on May 14, 2026.*
CrowdStrike (NASDAQ: CRWD) today released the CrowdStrike 2026 Financial Services Threat Landscape Report. The report reveals that North Korea-nexus adversaries stole billions of dollars in digital assets in 2025, industrializing cybercrime through AI-driven fraudulent tactics. Hands-on-keyboard attacks against financial institutions have surged over the past two years by 43% globally and 48% in North America. This is due to attackers abusing identity trust and SaaS applications to bypass traditional defenses.
Highlights of the CrowdStrike Financial Services Threat Landscape Report:
Based on frontline intelligence from CrowdStrike Counter Adversary Operations, which tracks more than 280 named adversaries, the report revealed the following:
Digital asset theft hits record scale: Digital asset theft by North Korea-nexus actors reached a record high in 2025, increasing 51% year-over-year, with total reported industry-wide losses reaching $2.02 billion. PRESSURE CHOLLIMA stole $1.46 billion in cryptocurrency using trojanized software distributed through a supply chain compromise. This represents the largest reported financial theft case in history. GOLDEN CHOLLIMA used lures disguised as job postings to access cloud environments of fintech companies in Southeast Asia and Canada and divert cryptocurrency funds.
North Korea expands AI-driven fraud: North Korea-nexus actors expanded operations against the financial services industry using AI. FAMOUS CHOLLIMA doubled its operational scale using AI-generated identities to attempt intrusions into cryptocurrency exchanges, fintech platforms, and retail financial institutions. STARDUST CHOLLIMA tripled its operational pace, utilizing AI-generated recruiter personas and synthetic video conferencing environments to target fintech companies in North America, Europe, and Asia.
China-nexus espionage expands globally: China-nexus adversaries posed the most critical intelligence-gathering threat. HOLLOW PANDA executed intrusions against financial institutions in the Philippines, Indonesia, and Brazil. MURKY PANDA deployed a communications relay network consisting of over 150 endpoints across 36 countries, targeting 340 organizations across more than 30 industries. Among them, the financial services industry was the most frequently targeted.
Intensifying eCrime pressure on the industry: 423 financial service organizations were listed on dedicated leak sites, a 27% increase year-over-year. MUTANT SPIDER generated the most intrusions through vishing operations, and subsequently sold the acquired access rights to ransomware groups, enabling faster and more scalable attacks. In the first half of 2025, SCATTERED SPIDER resumed aggressive ransomware attacks against insurance companies after a four-month hiatus.
Adam Meyers, Head of Counter Adversary Operations at CrowdStrike, stated:
"Financial services organizations are facing threats from all directions, and the use of AI makes all of these threats harder to stop. They can create highly authentic identities, automate reconnaissance, and accelerate credential theft at almost zero cost. Adversaries use AI to shorten the time from initial access to impact, moving through trusted paths in a flash, so traditional defenses simply cannot keep up. To close this gap, defenders must counter AI with AI. They need to combine intelligence and hunting to outmaneuver the adversaries."
Additional Resources:
Download and read the CrowdStrike 2026 Financial Services Threat Landscape Report.
Listen to the "Adversary Portal" podcast for insights into threat actors and recommendations to help strengthen your security. For more information, please visit our blog or go online.
About CrowdStrike
CrowdStrike (NASDAQ: CRWD) is a global cybersecurity leader, providing endpoint, cloud workload, and identity protection solutions.
FAQ
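What was the value of digital assets stolen by North Korea-nexus actors in 2025?
It reached $2.02 billion, a 51% increase year-over-year.
How much have hands-on-keyboard attacks against financial institutions increased?
They surged 43% globally and 48% in North America over the past two years.
What method did PRESSURE CHOLLIMA use to steal cryptocurrency, and how much was stolen?
It used trojanized software distributed through a supply chain compromise to steal a record $1.46 billion.
How are attackers abusing AI for cybercrime?
They use AI-generated identities, recruiter personas, and synthetic video conferencing environments to automate attacks and expand their scale of operations.
What impact have China-nexus threat actors had on financial institutions?
HOLLOW PANDA intruded into financial institutions in the Philippines and elsewhere, and MURKY PANDA deployed a relay network across 36 countries worldwide to target organizations.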