Google Cloud’s Mandiant unit says a North Korea-linked malware campaign targeting crypto users, tracked since 2018, has sharply increased in scale after adopting AI-driven techniques in November 2025. The detection highlights growing automation risks for the crypto ecosystem.
State-backed North Korean group UNC1069 is actively targeting crypto companies with custom malware deployed through social-engineering schemes, including fake Zoom calls, to exfiltrate data from Windows and macOS devices. The campaigns appear designed to enable large-scale financial theft.
The FBI has placed Sim Hyon-sop on its wanted list, accusing him of laundering cryptocurrency on behalf of North Korea. The move is part of a broader international investigation into DPRK-linked sanctions evasion.
Chainalysis reports North Korea–linked groups stole roughly $2 billion in crypto in 2025, continuing a shift toward fewer but larger attacks. The pattern echoes 2024’s $1.4 billion Bybit breach and increases pressure on exchanges and regulators.
Analysts report North Korea is using prohibited Nvidia GPUs to supercharge AI-driven attacks on digital assets, drawing on decades of state-led AI research. The move complicates sanctions enforcement and raises new risks for exchanges and custodians.
Senators Elizabeth Warren and Jack Reed have called for an investigation into a crypto company tied to Donald Trump, citing alleged links to illicit actors in North Korea and Russia. The move raises fresh questions about sanctions compliance and regulatory oversight in the crypto sector.
The U.S. Department of Justice announced Nov. 14 that it secured convictions against U.S. residents who aided North Korea in schemes to steal large amounts of cryptocurrency and has seized assets tied to cyberattacks on crypto platforms. The move highlights criminal risks in the sector while signalling tougher enforcement.

South Korea signals possible shifts in its sanctions strategy after Vice Foreign Minister Kim Ji-na warned that North Korea's cryptocurrency thefts pose a growing threat. The move follows recent U.S. crypto enforcement and could reshape regional sanctions and crypto compliance.

North Korean hackers are now leveraging AI to advance their crypto crime tactics, presenting new challenges for security in the digital asset space. Platforms like Bitlet.app offer innovative ways to safely engage with cryptocurrencies, including convenient installment payment options.

North Korean hackers have stolen approximately $200 million in cryptocurrency in 2023 alone, contributing to a five-year total exceeding $2 billion. Their sophisticated attack methods and large-scale operations make them one of the most significant cyber threats in the crypto space. Learn more about these attacks and how platforms like Bitlet.app offer secure ways to buy crypto with flexible payments.