CrowdStrike has warned that artificial intelligence is accelerating cyber threats against the global financial sector, as nation-state hackers and cyber criminal groups increasingly turn to AI-powered deception, stolen identities, and cloud-based attack techniques to evade traditional defences.
The company said in its 2026 Financial Services Threat Landscape Report that hands-on-keyboard intrusions targeting financial institutions increased 43 per cent globally over the past two years, with attackers increasingly exploiting trusted identities and SaaS applications for initial access.
The report, based on tracking of more than 280 named threat groups, found that North Korean-linked actors were responsible for a record wave of digital asset theft during 2025.
DPRK-linked adversaries drove a 51 per cent year-on-year increase in digital asset theft, stealing an estimated US$2.02 billion from the sector.
CrowdStrike said the Pressure Chollima group carried out the largest publicly reported financial theft on record, stealing US$1.46 billion in cryptocurrency through trojanised software distributed via supply chain compromise.
Another DPRK-linked group, Golden Chollima, reportedly used recruitment-themed social engineering lures to divert cryptocurrency funds and gain access to cloud environments at fintech organisations in south-east Asia and Canada.
The report also highlighted the growing use of AI by North Korean threat actors to scale their operations. Stardust Chollima tripled its operational tempo using synthetic recruiter personas and AI-generated video conferencing environments to target fintech organisations across North America, Europe, and Asia.
The report also identified Chinese state-linked espionage groups as a major threat to financial institutions globally.
CrowdStrike said Hollow Panda conducted intrusions against financial organisations in the Philippines, Indonesia, and Brazil, while Murky Panda deployed an operational relay box network spanning more than 150 endpoints across 36 countries, targeting hundreds of organisations.
According to the report, ransomware and similar activity continued to intensify, with 423 financial services organisations appearing on ransomware leak sites during 2025, representing a 27 per cent year-on-year increase.
CrowdStrike said a group it calls Mutant Spider drove high intrusion volumes through voice phishing campaigns before selling access to ransomware operators, while Scattered Spider resumed ransomware operations targeting insurance organisations after a four-month pause earlier in the year.
Adam Meyers, head of counter-adversary operations at CrowdStrike, said AI was lowering the barrier to entry for sophisticated cyber crime operations.
“Financial services organisations face threats from every direction, and AI is making each of them harder to stop,” Meyers said.
“The cost to create convincing identities, automate reconnaissance, and accelerate credential theft is near zero.
“Adversaries are using AI to compress the time from initial access to impact, moving through trusted paths faster than legacy defences can respond. To close that gap, defenders have to meet AI with AI – pairing intelligence with hunting to outpace the adversary.”
You can read the full report here.
Want to see more stories from trusted news sources?Make Cyber Daily a preferred news source on Google.
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.