Chinese, N. Korean Threat Groups Build on Asia-Pacific Success

Dark Reading, archived Jun 11, 2026

North Korea's gross domestic product (GDP) has grown, in part because of the cybercrime gains of groups linked to the nation, which target business and financial firms.

Robert Lemos, Contributing Writer
June 10, 2026

Cyber-threat groups linked to North Korea and China continue to target financial firms and cryptocurrency assets in the Asia-Pacific region, but face increasing headwinds as national governments collaborate more closely with each other and private industry to seize cryptocurrency accounts linked to illegal activity.

In its recent 2026 Financial Services Threat Landscape Report, CrowdStrike noted that six of the nine major threat groups targeting financial services in Q1 2026 are linked to China and North Korea, while at least 78 organizations in the Asia-Pacific and Oceania regions were targeted by cybercriminal groups' data-leak-and-ransom operations.

Cybercrime remains a massive problem in the Asia-Pacific region, because financial fraud and digital theft have become tremendous revenue streams for some nations. In 2025, for example, threat actors linked to the Democratic People's Republic of Korea (DPRK) stole at least $2.02 billion in cryptocurrency, accounting for a 6% to 7% share of the nation's $29 billion estimated GDP.

Blockchain research firm Chainalysis, which announced a collaboration with South Korea's National Police Agency this week to aid investigations into the illicit flow of funds and cryptocurrency, stressed that the cybercrime groups' tactics continue to evolve.

"Our figures should be viewed as lower-bound estimates based on activity we've been able to attribute," says Eric Jardine, head of research at Chainalysis. "North Korea's record-breaking 2025 performance, achieved with significantly fewer known attacks, suggests we may only be seeing the most visible portion of its activity."

North Korea is not alone in profiting from cybercrime, of course. Cybercrime scam compounds in Cambodia, Burma (Myanmar), and Laos have garnered tens of billions of dollars annually, accounting for a significant share of those nations' GDPs, while also costing victims in the regions billions of dollars.

Cybercriminal Groups' Tactics Improving

Social engineering remains the most popular attack vector among cybercriminal groups, with the unique combination of romance scam and investment fraud, known as "pig butchering," the most common approach. However, North Korean threat groups often employ social engineering with a business focus, such as masquerading as IT workers. Now they are moving toward other approaches as well, says Jardine.

"They are increasingly impersonating recruiters for prominent web3 and AI firms, running fake hiring processes designed to steal credentials, source code, and VPN or [single sign-on] access," he says. "We also observed outreach from purported investors or acquirers aimed at identifying access paths into high-value infrastructure."

Overall, the tactics of North Korea-linked groups are aimed at reproducing their greatest success: the $1.5 billion theft of cryptocurrency from exchange ByBit. Theft of currency from individual wallets increased to 158,000 incidents, but the total amount stolen declined.

Support services for cybercriminals continue to grow as well, with the success of money laundering services that allow funds from financial fraud and cybercrime to be mixed with legitimate funds to make investigations more difficult.
The ecosystem surrounding money laundering has evolved in the past few years. North Korean cybercriminals move larger amounts of money than other threat actors, but rely on Chinese-language networks for transferring funds. Often, North Korean groups hold onto gains for 45 days before laundering funds, but that is more of a pattern than a rule, Chainalysis' Jardine says.

"They move larger amounts than other stolen-funds actors, but break transactions into smaller tranches and rely heavily on Chinese-language money movement networks, guarantee services, bridges, mixers, and [decentralized finance (DeFi)] protocols," he says.

Nations Collaborating to Investigate Scams

Regional governments and fintech firms have become better at tracking the proceeds, with significant recoveries of the funds associated with recent major thefts.

In April, the US joint-agency Scam Center Strike Force took action against the Shunda cybercrime compound in Burma (Myanmar), charging two Chinese nationals for allegedly managing the compound, locking accounts holding $700 million in cryptocurrency, and taking down more than 500 websites in connection with the scam. In addition, the US Treasury Department's Office of Foreign Assets Control (OFAC) restrained $700 million in cryptocurrency tied to the scam networks and sanctioned a Cambodian senator and 28 other people in his network. Restraining involves obtaining a court order that prevents the movement of funds linked to crimes.

Overall, nations in the region have made progress targeting groups like North Korean cyber-threat actors and others, says Jardine.

"What we can say is that our ability to identify and disrupt their activities continues to improve," he says. "The most effective approach combines blockchain analytics, intelligence sharing, public-private collaboration, coordinated law enforcement action, and rapid response when stolen funds begin moving."

About the Author

Robert Lemos, Contributing Writer. Rob is an award-winning, veteran technology journalist of more than 30 years, reporting on global cybersecurity issues, the latest offensive and defensive technologies, malware incidents, cyber conflict, and AI's impact on software and cybersecurity. A former research engineer, Rob has written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. He has received five awards for journalism, including Best Deadline Journalism (Online) in 2003 for his coverage of the Blaster worm. Rob also analyzes data on various trends using Python and R for both his reporting and his clients. Recent reports include analyses of the shortage in cybersecurity workers, annual vulnerability trends, and annual threat reports. Rob holds degrees from Cornell University in Electrical Engineering and Computer Science (double major).