October 2025 Security Issues in Korean and Global Financial Sector

This report comprehensively covers actual cyber threats and security issues relevant to the finance industry in Korea and around the world.

The article includes an analysis of malware and phishing cases distributed to the financial sector. It also provides a list of the top 10 malware families targeting the financial sector and statistics on the industries of Korean accounts leaked on Telegram. A case of phishing emails distributed to the financial sector is also covered in detail.

This article also analyzes major financial threats and cases that occurred on the dark web. It examines credit card data breaches, financial institution database breaches, and ransomware breaches, and the damage they caused in the financial sector. It also analyzes other cyber attack threats that targeted financial institutions and the damage they caused.

Summary of Key Issues in the Deep and Dark Web Related to the Financial Industry

  • Cases of Database Leaks

Victim Company: **dia.in

A large-scale customer database of **dia, an Indian life insurance company, is being sold on the cybercrime forum DarkForums. **dia is the largest life insurance company in India, offering life insurance, pensions, and investment products. It is an institution with an extensive customer base and branches across India.

The threat actor, who goes by the name omnipotent, claimed to be in possession of approximately 454 million (45.4M) records, with the data being leaked in December 2024. According to the threat actor, the stolen data includes sensitive information related to insurance policies and customers, such as policy numbers, product types, insurance periods, payment frequencies, coverage amounts, customer names, addresses, dates of birth, genders, emails, phone numbers, PAN numbers (Indian taxpayer identification numbers), branch codes, and contact details of responsible personnel. The threat actor also posted a link to a sample of the stolen data.

This breach is considered the largest case of customer data breach in the history of the Indian insurance industry. The stolen data is highly likely to be used for identity theft, insurance fraud, vishing, and spear-phishing attacks. The illegal distribution of the massive financial and personal database held by **dia has highlighted the urgent need for the enhancement of the overall information security system and the encryption level of customer data in the Indian financial industry.

Figure 1. Database leak case

  • Ransomware Case

The Qilin and The Gentlemen ransomware groups breached several financial companies and posted them as victims on their DLSs (Dedicated Leak Sites). The cases of damage are as follows.

Ransomware: The Gentlemen

Victim Company: ***axis.com

The ransomware group The Gentlemen claimed to have attacked the Singaporean financial IT service company *** Axis Ltd. *** Axis Ltd. is a FinTech company listed in Singapore and was established in 1989. The company provides core banking systems and digital transformation solutions to more than 380 financial institutions in Asia, Europe, the Middle East, Africa, and the Americas. 40% of the top 20 banks in Southeast Asia are their clients.

The group claimed to have stolen a large amount of data from the victim company’s internal systems but did not disclose the specific amount or type of data. It has activated a countdown timer and plans to release the data in the future. *** Axis provides core financial infrastructure to many banks and FinTech companies, so if the breach is confirmed, it may lead to secondary damage affecting the entire financial sector. The fact that the threat actors are attempting to extort the company by threatening to leak data highlights the risk of a supply chain attack that may lead to the exposure of customer financial information and source code.

In response to this, financial IT suppliers are advised to strengthen network segmentation between customer systems and reevaluate their partners’ access rights and backup policies.

Figure 2. Case of ransomware attack
