The_State_of_Cybersecurity_in_the_Finance_Sector.pdf (5 MB)

Darktrace’s finance-sector security report describes adversaries targeting cloud environments, edge infrastructure, VPNs, remote gateways, and legacy systems across financial institutions. The DPRK-relevant portion names Lazarus alongside Cl0p as an example of ransomware or intrusion groups leveraging supply-chain compromise and tailored payloads. The excerpt also highlights MFA bypass techniques such as adversary-in-the-middle phishing and QR-code phishing as active risks for financial-sector defenders. Its value for CTI is broad rather than indicator-driven: it frames Lazarus activity as part of a wider financial threat landscape where remote access, identity abuse, cloud complexity, and unmanaged AI adoption increase exposure.