Hackers connected to North Korea reportedly stole $2.02 billion worth of digital assets in 2025, marking a 51% increase compared to the previous year.
The report also revealed that dedicated leak sites listed 423 financial services organizations as victims, reflecting a 27% year-over-year rise.
Meanwhile, the cyber group FAMOUS CHOLLIMA significantly expanded its operations by using AI-generated identities to infiltrate crypto exchanges, fintech companies, and banking institutions.
According to CrowdStrike’s 2026 Financial Services Threat Landscape Report, North Korea-backed cyber actors have become one of the biggest threats facing the crypto and fintech sectors. The report noted that the stolen funds are believed to support the country’s military initiatives.
AI-Powered Cyberattacks Target Financial Institutions
CrowdStrike stated that North Korean hacking groups are increasingly adopting artificial intelligence to strengthen and scale their cyber campaigns against the financial industry.
The report highlighted that FAMOUS CHOLLIMA doubled its operational activity through the use of AI-created identities, allowing operatives to pose as legitimate employees or applicants and gain access to crypto platforms, fintech firms, and retail banking systems.
Ransomware and Cyber Espionage Continue to Rise
In addition, CrowdStrike identified 423 financial-sector victims appearing on dedicated leak sites during the reporting period, representing a 27% increase from the previous year.
Interactive cyber intrusions, often referred to as “hands-on-keyboard” attacks, climbed 43% globally, while North America experienced an even sharper 48% increase.
The pressure on the financial sector has continued into 2026, with North America accounting for more than half of all industry intrusions during the first quarter of the year.
CrowdStrike also reported that by Q1 2026, financial services had become the fourth most-targeted industry worldwide, making up 12% of all observed cyber activity.
