North Korean operatives stole $2 billion last year-and financial firms are the next target | Fortune

North Korean operatives stole $2 billion last year-and financial firms are the next target | Fortune

Briefly

"North Korea-linked cyber groups stole a combined $2.02 billion last year, up 51% year-over-year, according to a new CrowdStrike report shared with Fortune ahead of its release on Thursday. The stolen billions were almost certainly laundered and will be used to fund the regime's military and nuclear weapons programs, the 2026 Financial Services Threat Landscape Report states."

"The attackers pulled off the heist by compromising a software developer's laptop at a third-party platform the Dubai-based Bybit relied on, and then stealing the developer's credentials and ultimately draining the assets from the exchange, according to the FBI. That $1.46 billion payload was the most spectacular strike in what turned out to be a record 2025."

"With the success of 2025 in the rear view, operatives from the Democratic People's Republic of Korea (DPRK) are zeroing in on the financial services industry, CrowdStrike found. The latest findings, which cover activity observed from April 2025 through March 2026, reveal that North Korean adversaries have become the most prevalent state-sponsored intrusion threat facing financial firms, consumer banks, and related providers in the financial services sector."

"The percent of hands-on-keyboard break-ins, meaning real human attackers inside a financial institution's network, grew 43% globally and 48% in North America over the past two years, CrowdStrike reported. Financial services jumped from being the sixth most-targeted sector in the first quarter of 2025 to the fourth most-targeted in the first quarter of 2026 behind tech, consulting and professional services, and manufacturing."