Find notable cyber news and cases, enriched with sources, timelines, and signals.

Qilin Korean Leaks campaign targeting South Korean financial-sector organizations

Campaign
First reported
Last updated
Happening score
H score 73
1 unique sources, 1 articles

Summary

Hide ▲

Qilin ran Korean Leaks, a multi-wave extortion campaign that hit South Korean financial organizations across September-October 2025. The operation spread through a compromised MSP, letting the attackers reach multiple victims through a shared upstream access path. It resulted in theft of over 1 million files and 2 TB of data from 28 victims. The messaging shifted across the waves from political framing to more conventional ransomware extortion.

Related Happenings

Adriatic Port Authority (Autorità di Sistema Portuale del hit by ransomware attack linked to Anubis

Incident
H score54 First: 15.06.2026 19:15 Last: 15.06.2026 19:15 Sources 1

About this happening: The **Adriatic Port Authority** suffered a **ransomware breach** that disrupted the **Italian port of Ancona** and exposed sensitive port records. The intrusion was tied to **Anub...

Charter Communications hit by network compromise linked to ShinyHunters

Incident
H score70 First: 26.05.2026 22:46 Last: 26.05.2026 22:46 Sources 1

About this happening: **Charter Communications** confirmed a **data breach** tied to **ShinyHunters** extortion, with the company saying it is **alerting authorities** and that **no sensitive personal...

Latest development: 29.05.2026 11:29

Have I Been Pwned analyzed leaked Charter Communications data and confirmed that the incident affected 4.9 million accounts, with exposed records including names, email addresses, job titles, phone numbers, and physical addresses. The published data also included a subset of about 85,000 records from an internal employee directory.

ShinyHunters data-leak site exposing stolen attack data

Data Leak
H score71 First: 31.01.2026 17:02 Last: 31.01.2026 17:02 Sources 1

About this happening: The **ShinyHunters** extortion gang is publishing stolen data on a **data-leak site** tied to its broader **Oracle PeopleSoft** theft campaign. New reporting adds the **University...

Qilin, Akira and Sinobi late-2025 ransomware wave

Campaign
H score39 First: 29.01.2026 15:01 Last: 29.01.2026 15:01 Sources 1

About this happening: A **late-2025 ransomware wave** led by **Qilin**, **Akira** and **Sinobi** increased pressure on **organizations** as operators prioritized **fast access and execution** to evade...

Asahi Group Holdings hit by ransomware attack

Incident
H score62 First: 15.12.2025 13:15 Last: 15.12.2025 13:15 Sources 1

About this happening: **Asahi Group Holdings** confirmed a **September 2025 ransomware attack** that disrupted **automated order and shipping processes** and exposed **two million people**’s personal d...

Timeline

  1. 26.11.2025 16:31 2 articles · 7mo ago

    Qilin Korean Leaks campaign against South Korean financial organizations

    Initial Disclosure

    South Korea's financial sector was targeted by the Qilin ransomware campaign dubbed Korean Leaks, which used a compromised Managed Service Provider (MSP) as initial access and unfolded in three publication waves across September-October 2025, affecting 28 victims and leading to theft of over 1 million files and 2 TB of data.

    Show sources