CrowdStrike 2026 Global Threat Report: Evasive Adversary Wields AI

2026-02-24 CrowdStrike

https://www.crowdstrike.com/en-us/blog/crowdstrike-2026-global-threat-report-findings/

CrowdStrike's 2026 Global Threat Report highlights a sharp increase in North Korea-nexus activity during 2025, including a 130% rise in incidents, doubled FAMOUS CHOLLIMA activity, and faster operational tempo from STARDUST CHOLLIMA. The North Korea-relevant section emphasizes trusted-relationship abuse, valid credentials, SaaS and cloud pathways, and software supply chain compromise as part of a broader shift toward malware-free and evasive tradecraft. PRESSURE CHOLLIMA is cited in connection with the theft of $1.46 billion in cryptocurrency through trojanized software delivered via supply chain compromise. The report also notes that adversaries increasingly used AI for social engineering, reconnaissance, and attack scaling, while enterprise AI systems themselves became targets. For DPRK tracking, the findings matter because they show North Korea-linked groups expanding both financial theft operations and identity-centric intrusion methods at scale.
