The financial system is no longer just the backbone of economic life—it has become a strategic asset and, consequently, a prime target in the evolving arena of cyber warfare. The transformation of finance into a deeply interconnected, data-driven ecosystem has brought unprecedented efficiency, but it has also created vulnerabilities that malicious actors are increasingly eager to exploit. As geopolitical tensions spill into cyberspace, central banks and financial institutions find themselves operating on an invisible battlefield where the weapons are lines of code, and the casualties can include trust, liquidity, and economic stability itself.
Cyber attacks on financial institutions are no longer limited to one-off data breaches or minor disruptions. They now span a sophisticated spectrum, including ransomware, distributed denial of service (DDoS) attacks, and—most troublingly—advanced persistent threats (APTs). These APTs are methodical, stealthy, and often backed by state actors or highly organized cybercriminal groups. Unlike traditional hacks, which may aim for a quick payout, APTs infiltrate systems quietly and remain undetected for weeks or even months, mapping out networks, identifying weak spots, and preparing to strike at critical moments. Their methods typically begin with spear phishing—targeted emails designed to deceive specific employees into revealing credentials or clicking malicious links. From there, attackers leverage zero-day exploits, move laterally through internal systems, escalate privileges, and either exfiltrate data or corrupt it silently. The long game played by APTs makes them particularly dangerous in a financial context, where real-time accuracy and trust are paramount.
Real World Examples – APTs and Other Significant Cyber Breaches
One of the most infamous examples of a financial cyber attack is the 2016 Bangladesh Bank heist, where attackers exploited vulnerabilities in the SWIFT international payment network. Using stolen credentials and malware that mimicked legitimate instructions, the attackers attempted to transfer nearly $1 billion from the central bank’s New York Fed account. Although most transfers were blocked, $81 million was successfully routed to accounts in the Philippines and promptly laundered. This brazen attack highlighted how core infrastructure, such as interbank messaging systems, could be manipulated by exploiting relatively basic security oversights, and it spurred global reforms in how banks approach authentication and endpoint security.
Another high-impact case emerged in 2017 with the NotPetya malware outbreak, widely attributed to Russian state actors. Originally aimed at destabilizing Ukraine, the malware quickly spread globally, crippling businesses including the shipping giant Maersk. Although Maersk is not a financial institution, the ripple effects were deeply financial—global trade was disrupted, payments delayed, and insurance claims spiked. The attack illustrated how a cyber assault on non-financial infrastructure can still have significant financial consequences, revealing the fragility of interconnected economies in the face of cyber-induced shocks.
In August 2024, an Iranian group named IRLeaks executed a cyberattack described as the worst in Iran’s history. The attack targeted 20 out of 29 Iranian credit institutions, including the Central Bank, Post Bank of Iran, and the Bank of Industry and Mines. The hackers accessed data on millions of customers, including credit card details, and demanded a ransom. The Iranian government reportedly paid millions to prevent the collapse of its financial system, illustrating the severe implications of such breaches on national economic stability.
The Industrial and Commercial Bank of China (ICBC) faced multiple ransomware attacks in 2023 and 2024. In 2023, the LockBit group targeted ICBC’s U.S. financial services division, disrupting U.S. Treasury trading. The following year, the Hunters International ransomware group stole 6.6 terabytes of data from ICBC’s London branch, threatening to release it unless their demands were met. These incidents highlight the global reach and persistence of ransomware threats against major financial institutions.
Earlier, between 2012 and 2013, major U.S. banks were subjected to sustained DDoS attacks under the campaign known as Operation Ababil. Led by a group calling itself the Cyber Fighters of Izz ad-Din al-Qassam, these attacks overwhelmed the websites of Bank of America, JPMorgan Chase, Wells Fargo, and others, making online banking services inaccessible to millions. While no funds were stolen, the campaign served as an early warning of how service disruption alone could erode consumer confidence and force banks to spend heavily on defensive upgrades.
Beyond these high-profile cases, numerous other incidents globally have exposed systemic vulnerabilities. In 2018, Banco de Chile was attacked using malware suspected to have been developed by North Korea’s Lazarus Group. The hackers used a wiper virus to distract security teams while transferring $10 million abroad via SWIFT. The same year, India’s City Union Bank suffered a similar fate when hackers rerouted unauthorized transfers to accounts in Turkey, China, and the UAE. Although partial recoveries were made, the event revealed the weaknesses in cross-border fraud detection and response systems.
In a separate breach in 2019, Capital One suffered an internal exploit when a former AWS employee accessed the personal data of over 100 million customers through a misconfigured firewall. Although not tied to espionage or war, the breach underscores how even insider threats and poor cloud configurations can become systemic risks when customer trust and regulatory scrutiny are on the line.
Ukraine, often seen as a testing ground for Russian cyber capabilities, has repeatedly suffered attacks on its financial institutions. Between 2015 and 2022, coordinated campaigns targeted Ukraine’s central bank and private financial systems. These attacks, often tied to geopolitical escalations, demonstrated how cyber warfare could be deployed in tandem with military operations—crippling payments, freezing ATMs, and disrupting salaries and pensions in contested regions.
The Iranian cyber campaign against U.S. financial institutions from 2011 to 2013 further reinforced the role of cyber tactics in statecraft. In retaliation for economic sanctions, Iranian operatives launched repeated DDoS attacks that targeted 46 major U.S. financial institutions over several months. These actions were disruptive, persistent, and later led to criminal indictments against seven Iranian nationals. The message was clear: cyber warfare had become a viable tool of geopolitical leverage.
Some Recent Incidents
Between June 2022 and March 2025, a series of significant data breaches affected major financial and service organizations worldwide, revealing the growing scale and complexity of cybersecurity threats.
In June 2022, Flagstar Bank, a prominent U.S. financial institution, experienced a major data breach that compromised the personal information of approximately 1.5 million customers, including Social Security numbers. Investigations indicated the breach may have begun as early as December 2021, raising concerns over the bank’s threat detection and response capabilities.
Following this, in early 2023, NCB Management Services, a debt collection agency servicing Bank of America, suffered a breach exposing the personal and financial data of nearly 495,000 individuals. This incident emphasized the vulnerabilities associated with third-party service providers. Another breach linked to Bank of America occurred in November 2023 when Infosys McCamish Systems, an IT service provider, exposed customer data during a cybersecurity event. This underscored the inherent risks in outsourcing critical IT functions without stringent vendor oversight.
In 2024, LoanDepot, a major mortgage lender in California, became a victim of a cyberattack affecting 16.9 million individuals. The attack was claimed by the Alphv (Blackcat) cybercriminal group, highlighting the persistent threat posed by organized cybercrime to the financial sector. That same year, in August, Iran experienced what was described as the worst cyberattack in its history when the IRLeaks group targeted 20 of the nation’s 29 credit institutions, including the Central Bank. Hackers accessed millions of customers’ data and demanded ransom, with reports suggesting the Iranian government paid millions to prevent economic collapse. Additionally, the Industrial and Commercial Bank of China (ICBC) faced multiple ransomware attacks in both 2023 and 2024. The LockBit group disrupted U.S. Treasury trading through an attack on ICBC’s U.S. division, and a year later, the Hunters International group stole 6.6 terabytes of data from ICBC’s London branch, further underscoring the transnational scale of ransomware threats.
Collectively, these breaches reflect an urgent need for organizations across sectors to strengthen their cybersecurity infrastructure, especially concerning third-party relationships, insider risk, and rapid response protocols.
The cumulative impact of such attacks is far-reaching. Even when money is not directly stolen, the erosion of trust, delays in transactions, and perceived insecurity can trigger panic. In a worst-case scenario, cyber-induced fear could spark digital bank runs, market sell-offs, or even currency instability, particularly in countries where public confidence in the banking sector is already fragile. The financial system relies fundamentally on trust—and cyber attacks, by striking at that intangible yet vital foundation, can produce consequences that rival those of traditional economic shocks.
Role of Central Banks in Ensuring Financial Stability
In this context, central banks can no longer afford to treat cybersecurity as a purely technical issue or a secondary priority. It must be integrated into their core mandate of financial stability.
Cyber Resilience
First, they must establish robust cyber resilience frameworks. This means going beyond IT hygiene to include regular penetration testing, red-teaming simulations, and sector-wide cyber stress tests that mimic real-world APT campaigns. These tests should account not just for direct attacks, but for cascading effects across payment systems, clearing houses, and liquidity providers.
Analyzing Threats
Second, central banks should foster real-time information-sharing networks with domestic and international intelligence partners. Threats do not respect national borders, and neither should cyber defenses. AI-powered threat detection systems and incident response platforms must be scaled across national banking ecosystems to ensure coordinated and rapid response to attacks.
Architecture Hardening
Third, the core architecture of financial infrastructure needs to be hardened. This includes isolating critical systems from internet-facing components, adopting zero-trust security principles, and diversifying technology suppliers to avoid single points of failure. As quantum computing advances, the adoption of quantum-safe encryption standards will also become essential.
Resource and Skillset
Fourth, central banks must invest in developing cyber talent. Just as economists and monetary theorists have traditionally shaped policy, so too must cyber risk experts be brought into the fold. Establishing in-house cybersecurity units and public-private task forces can help bridge the gap between policy and practice.
Regulation and Supervision
Finally, regulatory frameworks must reflect the evolving threat landscape. Central banks should set minimum cybersecurity standards across all regulated financial institutions, treating cyber resilience as a systemic requirement akin to capital adequacy. They may also consider the introduction of cyber risk buffers—akin to capital buffers—for institutions with high operational exposure or poor cyber governance.
Cyber Threat – A Shared Concern
Looking forward, global coordination will be key. Just as the Basel Accords provided a common framework for financial risk management, the world may need a cyber equivalent: a treaty or set of international norms that protects financial infrastructure in times of peace and limits escalation in times of conflict. While enforcement remains a challenge, the recognition of digital finance as a shared global asset is a necessary first step.
The Invisible Battlefield
In sum, the invisible battlefield of cyber warfare is already reshaping the way we think about financial stability. The challenge is not simply to prevent the next breach—but to ensure that when it happens, the system bends without breaking. For central banks, the era of treating cyber risk as someone else’s problem is over. The new doctrine must be clear: secure, resilient, and globally coordinated finance is the best defense against the economic disruptions of tomorrow.


