March 2026 Security Issues in the Korean & Global Financial Sector

The report details a March 2026 surge of multi-stage attacks against Korean and global financial institutions — including phishing campaigns (Korean-language attachments and HTML/JS loaders), web shells, droppers, backdoors, downloaders, infostealers, coinminers, Telegram-based account compromises (~4% of affected financial accounts), and ransomware double-extortion and DDoS incidents — and documents an AnySign4PC watering-hole RCE attributed to the Lazarus group, dark web sale claims of large breached datasets, and associated MD5 and URL indicators.