Find notable cyber news and cases, enriched with sources, timelines, and signals.

South Korean financial-sector data leak in Qilin's Korean Leaks operation

Data Leak
First reported
Last updated
Happening score
H score 68
1 unique sources, 1 articles

Summary

Hide ▲

The Qilin leak site published stolen data from 28 victims in South Korea's financial sector, exposing more than 1 million files and 2 TB of data. The disclosures unfolded across three publication waves between September 14 and October 4, 2025, increasing extortion pressure and broadening the public exposure of sensitive records. The operation reportedly used a compromised MSP as the initial access vector, allowing one upstream breach to reach multiple downstream victims.

Related Happenings

Adriatic Port Authority data leak on Anubis

Data Leak
H score49 First: 15.06.2026 19:15 Last: 15.06.2026 19:15 Sources 1

About this happening: Stolen data from the **Adriatic Port Authority** was published on **Anubis**'s leak site, exposing **employee records**, **contracts**, and **port safety/security information** ti...

Adriatic Port Authority (Autorità di Sistema Portuale del hit by ransomware attack linked to Anubis

Incident
H score54 First: 15.06.2026 19:15 Last: 15.06.2026 19:15 Sources 1

About this happening: The **Adriatic Port Authority** suffered a **ransomware breach** that disrupted the **Italian port of Ancona** and exposed sensitive port records. The intrusion was tied to **Anub...

Miasma source code leak on GitHub

Data Leak
H score32 First: 10.06.2026 23:27 Last: 10.06.2026 23:27 Sources 1

About this happening: The **Miasma source code** was **briefly leaked on GitHub**, exposing malware framework code that could be copied, studied, and modified by other threat actors. The exposure repor...

Kimsuky March-April 2026 campaign against South Korean military and corporate entities

Campaign
H score38 First: 29.05.2026 08:57 Last: 29.05.2026 08:57 Sources 1

About this happening: The **Kimsuky** campaign ran through **March and April 2026**, using **spoofed security-installation pages** and a **fake Webex lure** against **South Korean military and corporat...

Unnamed organization stolen data published on DLS

Data Leak
H score35 First: 06.05.2026 16:00 Last: 06.05.2026 16:00 Sources 1

About this happening: **Stolen data** from an **unnamed organization** was later posted on a **data leak site (DLS)**, confirming exposure and increasing extortion pressure. The publication followed an...

Timeline

  1. 26.11.2025 16:31 1 articles · 7mo ago

    Qilin leak-site publication of 10 South Korean financial victims

    Initial Disclosure

    Qilin's leak site published a first wave of 10 victims from South Korea's financial management sector on September 14, 2025, and framed the disclosures as a public-service effort to expose systemic corruption, including threats to release files described as evidence of stock market manipulation and names of well-known politicians and businessmen in Korea.

    Show sources
  2. 26.11.2025 16:31 1 articles · 7mo ago

    Second Qilin publication wave escalates pressure on the Korean financial market

    Victim Impact Update

    On September 17, 2025, Qilin began a second publication wave that added nine more victims and escalated the pressure by warning that stolen data could pose a severe risk to the Korean financial market while urging South Korean authorities to investigate the case.

    Show sources
  3. 26.11.2025 16:31 1 articles · 7mo ago

    Third Qilin publication wave shifts toward standard extortion language

    Victim Impact Update

    On September 28, 2025, Qilin began a third publication wave that added nine more victims and shifted the messaging from national financial-crisis themes toward language that more closely resembled its usual financially motivated extortion posts.

    Show sources
  4. 26.11.2025 16:31 2 articles · 7mo ago

    Analysis links Korean Leaks to a compromised upstream MSP

    Technical Analysis Update

    Analysis tied Korean Leaks to a compromised upstream Managed Service Provider (MSP), described a single breach that enabled compromise of several downstream victims, and said the operation exposed over 1 million files and 2 TB of data across 28 victims while indicating possible Moonstone Sleet involvement alongside Qilin.

    Show sources