Financial threats amplify: rising concerns in the industry

Cybercrime in the financial sector has intensified, with AI posing new challenges. A CrowdStrike report finds that digital asset theft reached record levels in 2025 due to advanced tactics.

The 2026 Financial Services Threat Landscape Report, recently released by CrowdStrike, highlights key findings on the cyber threats facing the financial services sector. The report indicates that 2025 saw a significant increase in digital asset theft, with DPRK-nexus adversaries using AI to industrialise cybercrime activity.

One of the main findings is a 43% global increase in hands-on-keyboard intrusions, alongside a 48% rise in North America over the past two years. The report notes that threat actors have increasingly used trusted identities and SaaS applications to bypass legacy security controls.

Digital asset theft increased by 51% year-over-year in 2025, reaching a total of $2.02 billion. The report highlights PRESSURE CHOLLIMA as responsible for a major incident involving $1.46 billion in cryptocurrency theft, using trojanized software delivered through a supply chain compromise.

The report also states that DPRK-nexus actors have expanded their use of AI in cyber operations. FAMOUS CHOLLIMA has used AI-generated identities to access cryptocurrency exchanges, fintech platforms, and consumer banking environments, while STARDUST CHOLLIMA has used AI-generated recruiter personas and synthetic video environments to target fintech organisations across multiple regions.

In addition, the report identifies increasing activity from China-nexus adversaries, with espionage operations expanding globally. Groups such as HOLLOW PANDA and MURKY PANDA are reported to have conducted intrusions across financial institutions in the Philippines, Indonesia, and Brazil, using relay box networks to target organisations across multiple sectors, including financial services.

eCrime activity continues to place pressure on the sector, with a 27% increase in financial services organisations appearing on dedicated leak sites. The report notes that groups including MUTANT SPIDER and SCATTERED SPIDER have used vishing campaigns and ransomware operations to exploit vulnerabilities within the sector.

Key findings from the report include:
  • Increase in hands-on-keyboard intrusions
  • Escalation in digital asset theft
  • DPRK use of AI-driven deception techniques
  • Expansion of China-nexus espionage activity
  • Continued rise in eCrime pressure on financial services organisations

The report concludes by encouraging financial institutions to strengthen their security posture with advanced AI-driven defence capabilities, combining threat intelligence with proactive threat hunting to respond to evolving adversary activity.