TLDR: A new report from Google Threat Intelligence Group predicts a significant surge in cyberattacks targeting Korean firms in 2026, driven by state-backed hackers from North Korea and China leveraging artificial intelligence. These attacks will include advanced social engineering, deepfakes, ransomware, and data exfiltration, posing increased economic threats and exploiting vulnerabilities in supply chains.
A recent 2026 Cybersecurity Forecast Report by the Google Threat Intelligence Group (GTIG), published on November 5, 2025, warns of an intensifying wave of cyberattacks against Korean corporations and institutions in the coming year. The report highlights that state-backed hackers from North Korea and China are increasingly integrating artificial intelligence (AI) into their operations, leading to a surge in sophisticated ransomware attacks and data theft.
The GTIG report states, “Attacks that use AI will become the new norm in 2026.” It further elaborates that AI will significantly accelerate various forms of cyber threats, including social engineering tactics aimed at information leaks or account theft, information operations, and the development of malicious software (malware). This shift is expected to reshape the landscape of cyber threats.
Specifically, the report anticipates a rise in highly tailored attacks that impersonate executives, employees, and partners. These will move beyond simple text-based phishing to actively utilize multimodal Generative AI, incorporating voice, text, and video deepfakes. Such AI-powered attacks are projected to enhance the success rate of voice phishing and facilitate large-scale business email compromise (BEC) schemes.
Ransomware and data exfiltration are expected to remain the primary cybercrimes causing the most substantial economic damage. These attacks are likely to be executed by major threat groups that exploit third-party vendors and zero-day vulnerabilities to launch widespread, cascading assaults. The report also cautions about the growing critical risks associated with AI tools not officially approved by organizations, often referred to as “shadow agents.”
Regarding specific state-backed actors, North Korea is predicted to expand its attacks targeting cryptocurrency organizations to generate revenue. These groups will employ sophisticated social engineering techniques, such as luring targets through fake hiring assessments or deceiving high-value talent with deepfake videos. China-backed threat groups are also expected to continue their large-scale cyber operations throughout the next year.


