Qilin Korean Leaks campaign targeting South Korean financial-sector organizations
Campaign
Summary
Hide ▲
Show ▼
Qilin ran Korean Leaks, a multi-wave extortion campaign that hit South Korean financial organizations across September-October 2025. The operation spread through a compromised MSP, letting the attackers reach multiple victims through a shared upstream access path. It resulted in theft of over 1 million files and 2 TB of data from 28 victims. The messaging shifted across the waves from political framing to more conventional ransomware extortion.
Related Happenings
Adriatic Port Authority (Autorità di Sistema Portuale del hit by ransomware attack linked to Anubis
Incident
H score54
First: 15.06.2026 19:15
Last: 15.06.2026 19:15
Sources 1
About this happening:
The **Adriatic Port Authority** suffered a **ransomware breach** that disrupted the **Italian port of Ancona** and exposed sensitive port records. The intrusion was tied to **Anub...
Adriatic Port Authority (Autorità di Sistema Portuale del hit by ransomware attack linked to Anubis
IncidentAbout this happening: The **Adriatic Port Authority** suffered a **ransomware breach** that disrupted the **Italian port of Ancona** and exposed sensitive port records. The intrusion was tied to **Anub...
Charter Communications hit by network compromise linked to ShinyHunters
Incident
H score70
First: 26.05.2026 22:46
Last: 26.05.2026 22:46
Sources 1
About this happening:
**Charter Communications** confirmed a **data breach** tied to **ShinyHunters** extortion, with the company saying it is **alerting authorities** and that **no sensitive personal...
Charter Communications hit by network compromise linked to ShinyHunters
IncidentAbout this happening: **Charter Communications** confirmed a **data breach** tied to **ShinyHunters** extortion, with the company saying it is **alerting authorities** and that **no sensitive personal...
Latest development: 29.05.2026 11:29
Have I Been Pwned analyzed leaked Charter Communications data and confirmed that the incident affected 4.9 million accounts, with exposed records including names, email addresses, job titles, phone numbers, and physical addresses. The published data also included a subset of about 85,000 records from an internal employee directory.
ShinyHunters data-leak site exposing stolen attack data
Data Leak
H score71
First: 31.01.2026 17:02
Last: 31.01.2026 17:02
Sources 1
About this happening:
The **ShinyHunters** extortion gang is publishing stolen data on a **data-leak site** tied to its broader **Oracle PeopleSoft** theft campaign. New reporting adds the **University...
ShinyHunters data-leak site exposing stolen attack data
Data LeakAbout this happening: The **ShinyHunters** extortion gang is publishing stolen data on a **data-leak site** tied to its broader **Oracle PeopleSoft** theft campaign. New reporting adds the **University...
Qilin, Akira and Sinobi late-2025 ransomware wave
Campaign
H score39
First: 29.01.2026 15:01
Last: 29.01.2026 15:01
Sources 1
About this happening:
A **late-2025 ransomware wave** led by **Qilin**, **Akira** and **Sinobi** increased pressure on **organizations** as operators prioritized **fast access and execution** to evade...
Qilin, Akira and Sinobi late-2025 ransomware wave
CampaignAbout this happening: A **late-2025 ransomware wave** led by **Qilin**, **Akira** and **Sinobi** increased pressure on **organizations** as operators prioritized **fast access and execution** to evade...
Asahi Group Holdings hit by ransomware attack
Incident
H score62
First: 15.12.2025 13:15
Last: 15.12.2025 13:15
Sources 1
About this happening:
**Asahi Group Holdings** confirmed a **September 2025 ransomware attack** that disrupted **automated order and shipping processes** and exposed **two million people**’s personal d...
Asahi Group Holdings hit by ransomware attack
IncidentAbout this happening: **Asahi Group Holdings** confirmed a **September 2025 ransomware attack** that disrupted **automated order and shipping processes** and exposed **two million people**’s personal d...
Timeline
-
26.11.2025 16:31 2 articles · 7mo ago
Qilin Korean Leaks campaign against South Korean financial organizations
Initial DisclosureSouth Korea's financial sector was targeted by the Qilin ransomware campaign dubbed Korean Leaks, which used a compromised Managed Service Provider (MSP) as initial access and unfolded in three publication waves across September-October 2025, affecting 28 victims and leading to theft of over 1 million files and 2 TB of data.
Show sources
- Qilin Ransomware Turns South Korean MSP Breach Into 28-Victim 'Korean Leaks' Data Heist — thehackernews.com — 26.11.2025 16:31
- Qilin Ransomware Turns South Korean MSP Breach Into 28-Victim 'Korean Leaks' Data Heist — thehackernews.com — 26.11.2025 16:31