BENGALURU : CrowdStrike released the CrowdStrike 2026 Financial Services Threat Landscape Report, revealing that DPRK-nexus adversaries stole billions in digital assets in 2025 while industrializing cybercrime with AI-powered deception. Hands-on-keyboard intrusions against financial institutions spiked 43% globally and 48% in North America over the past two years, as adversaries exploited trusted identities and SaaS applications to evade legacy defenses.
CrowdStrike Financial Services Threat Landscape Report Highlights:
Based on frontline intelligence from CrowdStrike Counter Adversary Operations tracking more than 280 named adversaries, the report reveals:
● Digital Asset Theft Hits Record Levels: DPRK-nexus actors drove a 51% year-over-year increase in digital asset theft in 2025, stealing a reported $2.02 billion across the sector. PRESSURE CHOLLIMA conducted the largest financial theft ever reported: $1.46 billion in cryptocurrency through trojanized software distributed via a supply chain compromise. GOLDEN CHOLLIMA used recruitment-themed lures to divert cryptocurrency funds and access cloud environments at fintechs in Southeast Asia and Canada.
● DPRK Scales Deception with AI: DPRK-nexus actors used AI to scale operations against the sector. FAMOUS CHOLLIMA doubled its operations using AI-generated identities to infiltrate cryptocurrency exchanges, fintech platforms, and consumer banks. STARDUST CHOLLIMA tripled its operational tempo, deploying AI-generated recruiter personas and synthetic video conferencing environments to target fintechs across North America, Europe, and Asia.
● China-Nexus Espionage Scales Globally: China-nexus adversaries posed the most significant intelligence collection threat. HOLLOW PANDA conducted intrusions at financial institutions in the Philippines, Indonesia, and Brazil. MURKY PANDA deployed an operational relay box network across more than 150 endpoints in 36 countries, targeting 340 organizations across more than 30 sectors, with financial services among the most frequently targeted.
● eCrime Pressure on the Sector Intensifies: 423 financial services organizations appeared on dedicated leak sites marking a 27% increase year-over-year. MUTANT SPIDER drove the highest intrusion volume through vishing campaigns, then sold access to ransomware groups, enabling faster and more scalable attacks. In the first half of 2025, SCATTERED SPIDER resumed aggressive ransomware operations against insurance entities after a four-month pause.
“Financial services organizations face threats from every direction and AI is making each of them harder to stop. The cost to create convincing identities, automate reconnaissance, and accelerate credential theft is near zero,” said Adam Meyers, head of counter adversary operations at CrowdStrike. “Adversaries are using AI to compress the time from initial access to impact, moving through trusted paths faster than legacy defenses can respond. To close that gap, defenders have to meet AI with AI – pairing intelligence with hunting to outpace the adversary.”