
June 2025 Security Issues in Korean & Global Financial Sector

Severity: Medium
Published: Wed Jul 16 2025 (07/16/2025, 16:10:20 UTC)
Source: AlienVault OTX General

Description

This comprehensive analysis covers cyber threats and security issues affecting financial companies in South Korea and globally. It examines malware and phishing cases targeting the financial sector, including the top 10 malware strains and leaked Korean account statistics on Telegram. The report delves into dark web threats, focusing on credit card data breaches, financial institution database leaks, and ransomware attacks. Notable incidents include the M*** digital payment platform data breach in Indonesia, affecting 44 million users, and the Everest ransomware group's attack on J*** Bank in Jordan, compromising 11.7 GB of internal data. The analysis emphasizes the need for enhanced security measures, including real-time protection systems, account takeover detection, and strengthened internal defense mechanisms in the financial industry.

AI-Powered Analysis

Last updated: 07/16/2025, 20:16:39 UTC

Technical Analysis

The June 2025 Security Issues report highlights a range of cyber threats targeting the financial sector in South Korea and globally, with a focus on malware, phishing, ransomware, and data breaches. The report identifies the top 10 malware strains affecting financial institutions and notes the leakage of Korean account statistics on Telegram, indicating active data exfiltration and potential credential abuse. Dark web activities are emphasized, particularly the trade and exposure of credit card data and financial institution database leaks. Noteworthy incidents include a massive data breach of a digital payment platform in Indonesia impacting 44 million users and a ransomware attack by the Everest group on a bank in Jordan, resulting in the compromise of 11.7 GB of internal data. The threat actors employ various tactics, techniques, and procedures (TTPs) such as data destruction (T1489), command and control communication (T1071), data from local system (T1005), data from network shared drive (T1567), exploitation for credential access (T1219), data encrypted for impact (T1486), and account takeover strategies. The report underscores the critical need for real-time protection systems, advanced account takeover detection, and robust internal defense mechanisms tailored for the financial sector to mitigate these evolving threats. Indicators of compromise (IOCs) include multiple malware hashes linked to these campaigns, although no known exploits are currently reported in the wild. The medium severity rating reflects the significant but not yet fully exploited threat landscape.

Potential Impact

For European financial organizations, the described threats pose considerable risks to confidentiality, integrity, and availability of sensitive financial data and services. Phishing and malware campaigns can lead to credential theft, enabling account takeovers and fraudulent transactions. Database leaks and ransomware attacks threaten the integrity and availability of critical financial systems, potentially causing operational disruptions and financial losses. The exposure of credit card data and personal financial information can result in regulatory penalties under GDPR and damage to customer trust. The cross-border nature of these attacks, combined with the global interconnectedness of financial services, means European institutions could face indirect impacts through supply chain vulnerabilities or partnerships with affected Asian or global entities. Additionally, the tactics used by threat actors, such as ransomware and data destruction, could severely disrupt European financial operations if similar attacks occur locally. The medium severity indicates a tangible threat that requires proactive defense but is not currently at a crisis level.

Mitigation Recommendations

European financial organizations should implement multi-layered security controls beyond standard measures. Specific recommendations include:

1) Deploy advanced real-time threat detection systems capable of identifying and blocking phishing attempts and malware based on behavioral analytics and threat intelligence feeds, including the provided malware hashes.
2) Enhance account takeover detection using machine learning models that analyze user behavior anomalies, and implement multi-factor authentication (MFA) rigorously across all access points.
3) Conduct regular dark web monitoring to identify leaked credentials or financial data related to the organization and respond promptly.
4) Harden internal defenses by segmenting networks, restricting lateral movement, and applying strict access controls, especially for sensitive financial databases.
5) Develop and regularly test incident response plans tailored to ransomware and data breach scenarios, including secure offline backups and rapid containment strategies.
6) Collaborate with industry information sharing groups to stay updated on emerging threats and share intelligence.
7) Provide continuous security awareness training focused on phishing and social engineering tactics targeting financial staff.

These measures, combined with adherence to regulatory requirements and continuous security posture assessments, will strengthen resilience against the evolving threat landscape described.


Technical Details

Author
AlienVault
TLP
white
References
https://asec.ahnlab.com/en/88936
Adversary
Everest
Pulse Id
6877ceecfd72cc9e7a2c1603
Threat Score
null

Indicators of Compromise

Hash

Type  Value (32 hex chars = MD5, 40 = SHA-1, 64 = SHA-256)
hash  0951f60ff64db5f868301e3285a49231
hash  26b1a8a50619f48acd83e82a350d1c93
hash  32461959d06379eb8fd1c519c0061526
hash  58008524a6473bdf86c1040a9a9e39c3
hash  731ec6a703aeec7fe4c45691bd79d969
hash  cb704d2e8df80fd3500a5b817966dc262d80ddb8
hash  1ef6c1a4dfdc39b63bfe650ca81ab89510de6c0d3d7c608ac5be80033e559326
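Mitigation item 1 above asks defenders to feed the published hashes into their detection tooling. The following script is an added example, not code from the OTX pulse or from AhnLab: it takes the seven IOC hashes listed on this page, infers the algorithm of each from its hex length (MD5, SHA-1 or SHA-256), hashes every file under a directory once per needed algorithm, and reports matches. The sample file it writes for the demo is constructed and does not match any real IOC; the helper and function names are my own.

```python
"""Match files on disk against the IOC hashes from the pulse (added example)."""
import hashlib
import os
import sys
import tempfile
from pathlib import Path

# The seven hashes published in the pulse's Indicators of Compromise section.
IOC_HASHES = {
    "0951f60ff64db5f868301e3285a49231",
    "26b1a8a50619f48acd83e82a350d1c93",
    "32461959d06379eb8fd1c519c0061526",
    "58008524a6473bdf86c1040a9a9e39c3",
    "731ec6a703aeec7fe4c45691bd79d969",
    "cb704d2e8df80fd3500a5b817966dc262d80ddb8",
    "1ef6c1a4dfdc39b63bfe650ca81ab89510de6c0d3d7c608ac5be80033e559326",
}

# Hex digest length -> hashlib algorithm name.
ALGO_BY_LENGTH = {32: "md5", 40: "sha1", 64: "sha256"}


def classify(digest: str) -> str:
    """Return the hashlib algorithm implied by the digest's hex length."""
    digest = digest.strip().lower()
    if not digest or any(c not in "0123456789abcdef" for c in digest):
        raise ValueError(f"not a hex digest: {digest!r}")
    if len(digest) not in ALGO_BY_LENGTH:
        raise ValueError(f"unsupported digest length {len(digest)}")
    return ALGO_BY_LENGTH[len(digest)]


def index_iocs(hashes):
    """Group IOC digests by algorithm so each file is hashed once per algorithm."""
    index = {}
    for h in hashes:
        index.setdefault(classify(h), set()).add(h.strip().lower())
    return index


def digest_file(path, algos, chunk=1 << 20):
    """Compute the requested digests of one file in a single streaming pass."""
    hashers = {a: hashlib.new(a) for a in algos}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for hasher in hashers.values():
                hasher.update(block)
    return {a: hasher.hexdigest() for a, hasher in hashers.items()}


def scan(paths, iocs):
    """Return [(path, algorithm, digest)] for files whose digest is an IOC."""
    index = index_iocs(iocs)
    hits = []
    for p in paths:
        p = Path(p)
        if not p.is_file():
            continue
        for algo, d in digest_file(p, list(index)).items():
            if d in index[algo]:
                hits.append((str(p), algo, d))
    return hits


def walk(root):
    """Yield every regular file path below root."""
    for dirpath, _, files in os.walk(root):
        for name in files:
            yield os.path.join(dirpath, name)


def constructed_sample(content=b"constructed sample file, not real malware"):
    """Write a constructed demo file; returns (path, its SHA-256) for testing."""
    directory = tempfile.mkdtemp(prefix="ioc_demo_")
    path = os.path.join(directory, "sample.bin")
    with open(path, "wb") as fh:
        fh.write(content)
    return path, hashlib.sha256(content).hexdigest()


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, algo, d in scan(walk(root), IOC_HASHES):
        print(f"IOC match: {path} {algo}={d}")
```

Run it as `python ioc_scan.py /path/to/share` to sweep a file share; a hit is a reason to isolate the host and pull the file for analysis, not proof of infection on its own, since MD5 and SHA-1 collisions are practical and the pulse lists no file names or sizes to corroborate a match.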

Threat ID: 68780518a83201eaacde16af

Added to database: 7/16/2025, 8:01:28 PM

Last enriched: 7/16/2025, 8:16:39 PM

Last updated: 7/17/2025, 1:33:06 AM
