No Result
View All Result
  • Login
Monday, July 13, 2026
theadvisertimes.com
  • Home
  • Business
  • Financial Planning
  • Personal Finance
  • Investing
  • Money
  • Economy
  • Markets
  • Stocks
  • Trading
  • Home
  • Business
  • Financial Planning
  • Personal Finance
  • Investing
  • Money
  • Economy
  • Markets
  • Stocks
  • Trading
No Result
View All Result
theadvisertimes.com
No Result
View All Result
Home Business

North Korean operatives stole $2 billion last year—and financial firms are the next target

by theadvisertimes.com
2 months ago
in Business
Reading Time: 6 mins read
A A
0
North Korean operatives stole  billion last year—and financial firms are the next target
Share on FacebookShare on TwitterShare on LInkedIn



North Korea’s army of cyber operatives stole a record $2 billion in digital assets last year, fueled by the largest financial theft ever reported—$1.46 billion stolen in a single operation from crypto exchange Bybit. 

The attackers pulled off the heist by compromising a software developer’s laptop at a third-party platform the Dubai-based Bybit relied on, and then stealing the developer’s credentials and ultimately draining the assets from the exchange, according to the FBI. 

That $1.46 billion payload was the most spectacular strike in what turned out to be a record 2025. North Korea-linked cyber groups stole a combined $2.02 billion last year, up 51% year-over-year, according to a new CrowdStrike report shared with Fortune ahead of its release on Thursday. The stolen billions were almost certainly laundered and will be used to fund the regime’s military and nuclear weapons programs, the 2026 Financial Services Threat Landscape Report states. 

With the success of 2025 in the rear view, operatives from the Democratic People’s Republic of Korea (DPRK) are zeroing in on the financial services industry, CrowdStrike found. The latest findings, which cover activity observed from April 2025 through March 2026, reveal that North Korean adversaries have become the most prevalent state-sponsored intrusion threat facing financial firms, consumer banks, and related providers in the financial services sector. 

The percent of hands-on-keyboard break-ins, meaning real human attackers inside a financial institution’s network, grew 43% globally and 48% in North America over the past two years, CrowdStrike reported. Financial services jumped from being the sixth most-targeted sector in the first quarter of 2025 to the fourth most-targeted in the first quarter of 2026 behind tech, consulting and professional services, and manufacturing.

And the DPRK’s tried-and-true scheme involving North Korean IT workers pretending to be American job seekers doubled the volume of its attacks in 2025, according to CrowdStrike, making it the most active North Korea-linked form of attack the firm tracks. The IT worker operation, in which thousands of North Korean men trained in software development are stationed in China, Russia, and other locations, functions by using American identities to land remote tech jobs at American and European companies. 

The scheme has been so successful, law enforcement has created a joint FBI-National Security Division task force to disrupt the operations and have dealt a series of harsh prison terms to American accomplices who have willingly aided the North Koreans. 

A Nashville laptop farm and New York recruiting front

Generally, the IT workers running the employment scam fabricate résumés and software development profiles using stolen identities to appear legitimate—or they recruit American accomplices to rent out their names to the workers in exchange for quick cash and sometimes a recurring cut of the proceeds. The IT workers take their salary, often earned doing real work, and then send most of the money back to the DPRK where authoritarian ruler Kim Jong-Un uses it to fund the country’s nuclear weapons program. In some cases, the IT operatives share intelligence with the DPRK’s malicious hacking army to help steal data or organize additional theft. 

This month, two American men were sentenced to 18 months in federal prison each for operating “laptop farms” and helping North Korean IT workers get remote jobs at nearly 70 American companies in separate schemes that generated more than $1.2 million for the DPRK. The term laptop farm refers to the setups the accomplices create after fraudulently accepting laptops from companies and installing software and remote desktop applications to shield the IT workers identities’ and help funnel their salaries. 

Matthew Isaac Knoot ran a laptop farm out of his Nashville home between July 2022 and August 2023, court records show, and helped the North Korean scheme with jobs at four companies that paid more than $250,000 for IT work. Most of the money was reported to the IRS and Social Security Administration in the name of a real person whose identity was stolen. Knoot helped transfer the salary to accounts outside the U.S. and into accounts associated with North Korean and Chinese operatives, the DOJ said. 

In addition to 18 months in prison, Knoot was ordered to pay $15,100 in restitution to victim companies and forfeit another $15,100, which is what the DPRK IT workers paid him for his help in the scheme. 

A New York man, Erick Ntekereze Prince, was also sentenced to 18 months for laptop farming. Prince pleaded guilty to wire-fraud conspiracy and was ordered to forfeit the $89,000 DPRK IT workers paid him. According to authorities, Prince worked in the scheme from June 2020 through August 2024 and used his recruiting firm, Taggcar Inc., to direct “certified” IT workers to U.S. companies. He also kept U.S. company laptops at his New York home and installed remote access software so the IT workers could appear as though they worked from his residence.

The DOJ said Prince was part of a scheme that, in total, obtained work from 64 U.S. companies that paid more than $943,069 in salary payments. Four others were charged in the scheme, including Emanuel Ashtor and Pedro Ernesto Alonso de los Reyes. Ashtor awaits trial and de los Reyes is in custody in The Netherlands, authorities said. Two others charged, Jin Sung-il and Pak Jin-Song, are North Korean and remain at large. Ashtor’s lawyer did not immediately respond to a request for comment and de los Reyes could not be reached.

The Knoot and Prince sentencings bring the total number of Americans sent to prison for working as accomplices to at least nine since last year. 

‘Golden unicorns’

Adam Meyers, senior vice president of counter adversary operations at CrowdStrike, said last year he investigated about one DPRK-related attack a day, and this year it’s closer to two. In the month of March 2025, CrowdStrike identified 33 insider threat operations linked to Famous Chollima, CrowdStrike’s term for the North Korean IT worker scheme. In March 2026, Meyers said CrowdStrike identified 45 operations. 

The IT workers strike opportunistically, said Meyers, so if there’s a job opening posted online, they’ll just go for it with the goal of getting as many jobs as possible. He described the operation as “high tempo, low sophistication.” However, the DPRK operatives have become highly skilled at appearing to recruiters as “golden unicorn” job applicants that are irresistible to hiring teams, he added. 

“Their job is to make revenue for the weapons program of North Korea,” said Meyers. “So they are going to do whatever they can in terms of finding jobs.”

The UN has pegged the DPRK’s IT worker revenue generation at $250 million to $600 million per year. The UN’s Multilateral Sanctions Monitoring Committee, which tracks DPRK sanctions violations and evasion tactics, revealed at its latest meeting in January that the scheme has now victimized 40 countries around the globe.  

The DPRK threat is compounded by the fact that traditional financial institutions, an increasingly prevalent target, have pushed further into digital asset services and crypto in recent years, an area North Korean operatives have deep experience working to exploit. 

In the fourth quarter of 2025 alone, a North Korea-linked group that CrowdStrike calls “Stardust Chollima,” tripled the pace of its attacks, targeting at least 21 crypto and fintech firms across North America, Europe, and Asia in a single two-month period. 

That scheme involved operatives impersonating recruiters and executive search consultants on LinkedIn and Telegram and then sending unwitting job-seeking targets standard technical coding tests laced with malware.

The attackers used AI to generate fabricated people and video-conference environments by using images and videos of real executives and offices to make job seekers believe the sham interviews, CrowdStrike found. 

The hard way

Meyers said traditional financial institutions should absorb the “hard lessons” the crypto industry has taken in—sometimes at enormous cost. 

“They need to make sure they follow best practices in terms of things like having cold storage versus hot storage,” Meyers said, referring to security protocols for offline digital assets versus connected wallets. “Making sure that you have multi-factor authentication, making sure that you have multiple control factors in place in terms of authorizing transfers” and steadfast defensive measures will help guard financial institutions. 

CrowdStrike’s report assessed that the DPRK cyber operations targeting consumer banks and other financial services firms will intensify through 2026, driven by international sanctions and the need to fund North Korea’s military and weapons programs. 

Meyers said protecting against the intrusions is a constant battle and as companies tighten their defenses, operatives will shift tactics. And then the cycle begins again. 

“It’s a constant battle to stop them from being successful,” said Meyers. “Companies really need to look at those lessons learned and make sure they’ve learned them—before they learn them the hard way.”



Source link

Tags: BillionfinancialfirmsKoreanNorthoperativesStoleTargetYearAnd
ShareTweetShare
Previous Post

3 Methods for Highlighting Multiple Positions at the Same Company on Your Resume

Next Post

Litigation Finance: Industry at Crossroads

Related Posts

SBI Funds Management IPO to open today. Check brokerages review, GMP, subscription staus and other details

SBI Funds Management IPO to open today. Check brokerages review, GMP, subscription staus and other details

by theadvisertimes.com
July 13, 2026
0

SBI Funds Management, India's largest asset management company, will open its Rs 9,813 crore IPO for subscription on Tuesday. The...

Iran mocks Trump’s reversal on Hormuz charges — ‘20% is of course too much. We will be fair’

Iran mocks Trump’s reversal on Hormuz charges — ‘20% is of course too much. We will be fair’

by theadvisertimes.com
July 13, 2026
0

The U.S. announced a new round of strikes on Iran on Monday, hours after President Donald Trump said Washington is “reinstating” a...

Mitch McConnell’s absence complicates Trump’s defense spending push amid Iran war

Mitch McConnell’s absence complicates Trump’s defense spending push amid Iran war

by theadvisertimes.com
July 13, 2026
0

The absence of two key Senate Republicans has complicated the Trump administration’s ambitions to pass budget appropriations and increase defense...

US stocks today: US stocks end lower as Iran tensions dampen risk appetite; chipmakers drop

US stocks today: US stocks end lower as Iran tensions dampen risk appetite; chipmakers drop

by theadvisertimes.com
July 13, 2026
0

Tech shares pulled U.S. stocks lower on Monday after President Donald Trump announced that he would reinstate a blockade on...

Exclusive: Delaware Secretary of State partners with Norm Ai to propose the AIC, a legal entity for agents

Exclusive: Delaware Secretary of State partners with Norm Ai to propose the AIC, a legal entity for agents

by theadvisertimes.com
July 13, 2026
0

In a 2023 essay published in Science, one of us argued that nothing in the law of several states clearly...

Germany opposes EU trade embargo on settlements

Germany opposes EU trade embargo on settlements

by theadvisertimes.com
July 13, 2026
0

The German government made it clear today that any vote on a boycott or toughening of trade terms with...

Next Post
Cheetah Net Supply Chain Service (CTNT) Q1 2026: Earnings Are In

Cheetah Net Supply Chain Service (CTNT) Q1 2026: Earnings Are In

Monthly Dividend Stock In Focus: InPlay Oil Corp.

Monthly Dividend Stock In Focus: InPlay Oil Corp.

  • Trending
  • Comments
  • Latest
Should You Offer a Concession to Get Your Apartment Leased Faster?

Should You Offer a Concession to Get Your Apartment Leased Faster?

June 15, 2026
How I Maximize My Sapphire Reserve Dining Credit

How I Maximize My Sapphire Reserve Dining Credit

July 10, 2026
Fourth of July 2026 Freebies and Deals

Fourth of July 2026 Freebies and Deals

July 3, 2026
5 things financial therapists want every advisor to know

5 things financial therapists want every advisor to know

June 26, 2026
The 10 Largest NYC Tech Startup Funding Rounds of June 2026 – AlleyWatch

The 10 Largest NYC Tech Startup Funding Rounds of June 2026 – AlleyWatch

July 6, 2026
Prime Day, June 2026: How Retailers Competed With Amazon

Prime Day, June 2026: How Retailers Competed With Amazon

June 29, 2026
Where You’ll Find America’s Cheapest Burger, Fries Combos

Where You’ll Find America’s Cheapest Burger, Fries Combos

0
SBI Funds Management IPO to open today. Check brokerages review, GMP, subscription staus and other details

SBI Funds Management IPO to open today. Check brokerages review, GMP, subscription staus and other details

0
Coinbase Smart Wallet Verification Upgrade Targets The Multi-Chain UX Problem

Coinbase Smart Wallet Verification Upgrade Targets The Multi-Chain UX Problem

0
New Jersey Tax-Relief Events: Three July Dates Near Seniors

New Jersey Tax-Relief Events: Three July Dates Near Seniors

0
Market Talk – July 13, 2026

Market Talk – July 13, 2026

0
Microsoft celebrates 50 years with Copilot

Microsoft celebrates 50 years with Copilot

0
SBI Funds Management IPO to open today. Check brokerages review, GMP, subscription staus and other details

SBI Funds Management IPO to open today. Check brokerages review, GMP, subscription staus and other details

July 13, 2026
Chinese humanoid startups are rushing to list

Chinese humanoid startups are rushing to list

July 13, 2026
8,924 in Esports Bets Reveal the Esports World Cup’s Biggest Week 2 Favorites

$558,924 in Esports Bets Reveal the Esports World Cup’s Biggest Week 2 Favorites

July 13, 2026
Iran mocks Trump’s reversal on Hormuz charges — ‘20% is of course too much. We will be fair’

Iran mocks Trump’s reversal on Hormuz charges — ‘20% is of course too much. We will be fair’

July 13, 2026
How advisors can help clients plan for fertility treatment costs

How advisors can help clients plan for fertility treatment costs

July 13, 2026
New Jersey Tax-Relief Events: Three July Dates Near Seniors

New Jersey Tax-Relief Events: Three July Dates Near Seniors

July 13, 2026
theadvisertimes.com

Get the latest news and follow the coverage of Business & Financial News, Stock Market Updates, Analysis, and more from the trusted sources.

CATEGORIES

  • Business
  • Cryptocurrency
  • Economy
  • Financial Planning
  • Investing
  • Market Analysis
  • Markets
  • Money
  • Personal Finance
  • Startups
  • Stock Market
  • Trading

LATEST UPDATES

  • SBI Funds Management IPO to open today. Check brokerages review, GMP, subscription staus and other details
  • Chinese humanoid startups are rushing to list
  • $558,924 in Esports Bets Reveal the Esports World Cup’s Biggest Week 2 Favorites
  • Our Great Privacy Policy
  • Terms of Use, Legal Notices & Disclosures
  • About Us
  • Contact Us

© Copyright 2024 All Rights Reserved
See articles for original source and related links to external sites.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
No Result
View All Result
  • Home
  • Business
  • Financial Planning
  • Personal Finance
  • Investing
  • Money
  • Economy
  • Markets
  • Stocks
  • Trading

© Copyright 2024 All Rights Reserved
See articles for original source and related links to external sites.