Source: OJ L, 2025/1190, 18.6.2025
Digital operational resilience in the financial sector (DORA), digital operational resilience testing: RTS on threat-led penetration testing

ANNEX III
Content of the targeted threat intelligence report (Article 10(5))
The targeted threat intelligence report shall contain information on all of the following:

1. The overall scope of the intelligence research, including at least the following:
(a) critical or important functions in scope;
(b) their geographical location;
(c) official EU language in use;
(d) relevant ICT third-party service providers;
(e) period of time over which the research is gathered.

2. The overall assessment of what concrete actionable intelligence can be found about the financial entity, including:
(a) the employee usernames and passwords;
(b) the look-alike domains which can be mistaken for official domains of the financial entity;
(c) technical reconnaissance: vulnerable or exploitable software, systems and technologies;
(d) information posted by employees on the internet, related to the financial entity, which might be used for the purposes of an attack;
(e) information for sale on the dark web;
(f) any other relevant information available on the internet or public networks;
(g) where relevant, physical targeting information, including ways of access to the premises of the financial entity.

3. Threat intelligence analysis considering the general threat landscape and the particular situation of the financial entity, including, at least:
(a) the geopolitical environment;
(b) the economic environment;
(c) technological trends and any other trends related to the activities in the financial services sector.

4. Threat profiles of the malicious actors (specific individual/group or generic class) that may target the financial entity, including the systems of the financial entity that malicious actors are most likely to compromise or target, the possible motivation, intent and rationale for the potential targeting and the possible modus operandi of the attackers.

5. Threat scenarios: at least three end-to-end threat scenarios for the threat profiles identified in accordance with point 4 that exhibit the highest threat severity scores. The threat scenarios shall describe the end-to-end attack path and shall include, at least:
(a) one scenario that includes but is not limited to compromised service availability;
(b) one scenario that includes but is not limited to compromised data integrity;
(c) one scenario that includes but is not limited to compromised information confidentiality.

6. Where relevant, a description of the non-threat-led scenario referred to in Article 10(4).