Qilin Korean Leaks campaign targeting South Korean financial-sector organizations
Campaign
Summary
Hide ▲
Show ▼
Qilin ran Korean Leaks, a multi-wave extortion campaign that hit South Korean financial organizations across September-October 2025. The operation spread through a compromised MSP, letting the attackers reach multiple victims through a shared upstream access path. It resulted in theft of over 1 million files and 2 TB of data from 28 victims. The messaging shifted across the waves from political framing to more conventional ransomware extortion.
Related Happenings
Charter Communications hit by network compromise linked to ShinyHunters
Incident
First: 26.05.2026 22:46
Last: 26.05.2026 22:46
Sources 1
About this happening:
**Charter Communications** confirmed a **data breach** tied to **ShinyHunters** extortion, raising the risk of customer-data exposure and active follow-on pressure. The company sa...
Charter Communications hit by network compromise linked to ShinyHunters
IncidentAbout this happening: **Charter Communications** confirmed a **data breach** tied to **ShinyHunters** extortion, raising the risk of customer-data exposure and active follow-on pressure. The company sa...
ShinyHunters data-leak site exposing stolen attack data
Data Leak
First: 31.01.2026 17:02
Last: 31.01.2026 17:02
Sources 1
About this happening:
The **ShinyHunters** extortion gang launched a **data-leak site**, beginning to publish data tied to the theft campaign and raising the exposure risk for victims.
ShinyHunters data-leak site exposing stolen attack data
Data LeakAbout this happening: The **ShinyHunters** extortion gang launched a **data-leak site**, beginning to publish data tied to the theft campaign and raising the exposure risk for victims.
Qilin, Akira and Sinobi late-2025 ransomware wave
Campaign
First: 29.01.2026 15:01
Last: 29.01.2026 15:01
Sources 1
About this happening:
A **late-2025 ransomware wave** led by **Qilin**, **Akira** and **Sinobi** increased pressure on **organizations** as operators prioritized **fast access and execution** to evade...
Qilin, Akira and Sinobi late-2025 ransomware wave
CampaignAbout this happening: A **late-2025 ransomware wave** led by **Qilin**, **Akira** and **Sinobi** increased pressure on **organizations** as operators prioritized **fast access and execution** to evade...
Asahi Group Holdings hit by ransomware attack
Incident
First: 15.12.2025 13:15
Last: 15.12.2025 13:15
Sources 1
About this happening:
**Asahi Group Holdings** confirmed a **September 2025 ransomware attack** that disrupted **automated order and shipping processes** and exposed **two million people**’s personal d...
Asahi Group Holdings hit by ransomware attack
IncidentAbout this happening: **Asahi Group Holdings** confirmed a **September 2025 ransomware attack** that disrupted **automated order and shipping processes** and exposed **two million people**’s personal d...
South Korean financial-sector data leak in Qilin's Korean Leaks operation
Data Leak
First: 26.11.2025 16:31
Last: 26.11.2025 16:31
Sources 1
How related:
Korean Leaks took place over three publication waves, resulting in the theft of over 1 million files and 2 TB of data from 28 victims.
About this happening:
The **Qilin** leak site published stolen data from **28 victims** in **South Korea's financial sector**, exposing more than **1 million files** and **2 TB** of data. The disclosur...
South Korean financial-sector data leak in Qilin's Korean Leaks operation
Data LeakHow related: Korean Leaks took place over three publication waves, resulting in the theft of over 1 million files and 2 TB of data from 28 victims.
About this happening: The **Qilin** leak site published stolen data from **28 victims** in **South Korea's financial sector**, exposing more than **1 million files** and **2 TB** of data. The disclosur...
Timeline
-
26.11.2025 16:31 2 articles · 6mo ago
Qilin Korean Leaks campaign against South Korean financial organizations
Initial DisclosureSouth Korea's financial sector was targeted by the Qilin ransomware campaign dubbed Korean Leaks, which used a compromised Managed Service Provider (MSP) as initial access and unfolded in three publication waves across September-October 2025, affecting 28 victims and leading to theft of over 1 million files and 2 TB of data.
Show sources
- Qilin Ransomware Turns South Korean MSP Breach Into 28-Victim 'Korean Leaks' Data Heist — thehackernews.com — 26.11.2025 16:31
- Qilin Ransomware Turns South Korean MSP Breach Into 28-Victim 'Korean Leaks' Data Heist — thehackernews.com — 26.11.2025 16:31