This article is about ‘The Cyber Front of Iran–Israel’.
While the financial sector has long been an attractive target, the period 2024-2026 presents a qualitatively different picture. Instead of operating independently, the two threat planes function within a shared ecosystem: initial access ads on dark web forums pave the way for cryptocurrency exchange robberies, while leaked credentials from APT operations recirculate on the same forums.
Dark web forums and Telegram channels have become the new marketplace for initial access sales. On the crypto front, North Korean-linked groups stole $2 billion in a single year, representing a 51% increase compared to 2024. Financial institutions have been pressured on two fronts during this period: data and digital assets.
The attacker profile has become less uniform during this period. Hacktivist DDoS groups, organized crime networks, and state-sponsored APT structures are simultaneously targeting the same sector from different angles. This overlap is making threat modeling increasingly complex for the defense. The report focuses on how these two layers feed off each other, particularly the link between IAB sales and ransomware operations.
We see the full picture of the evolving cyber threat landscape thanks to unique tools for monitoring the infrastructure used by cybercriminals and data from battlefields:
