South Korean financial-sector data leak in Qilin's Korean Leaks operation
Data Leak
Summary
Hide ▲
Show ▼
The Qilin leak site published stolen data from 28 victims in South Korea's financial sector, exposing more than 1 million files and 2 TB of data. The disclosures unfolded across three publication waves between September 14 and October 4, 2025, increasing extortion pressure and broadening the public exposure of sensitive records. The operation reportedly used a compromised MSP as the initial access vector, allowing one upstream breach to reach multiple downstream victims.
Related Happenings
Adriatic Port Authority data leak on Anubis
Data Leak
H score49
First: 15.06.2026 19:15
Last: 15.06.2026 19:15
Sources 1
About this happening:
Stolen data from the **Adriatic Port Authority** was published on **Anubis**'s leak site, exposing **employee records**, **contracts**, and **port safety/security information** ti...
Adriatic Port Authority data leak on Anubis
Data LeakAbout this happening: Stolen data from the **Adriatic Port Authority** was published on **Anubis**'s leak site, exposing **employee records**, **contracts**, and **port safety/security information** ti...
Adriatic Port Authority (Autorità di Sistema Portuale del hit by ransomware attack linked to Anubis
Incident
H score54
First: 15.06.2026 19:15
Last: 15.06.2026 19:15
Sources 1
About this happening:
The **Adriatic Port Authority** suffered a **ransomware breach** that disrupted the **Italian port of Ancona** and exposed sensitive port records. The intrusion was tied to **Anub...
Adriatic Port Authority (Autorità di Sistema Portuale del hit by ransomware attack linked to Anubis
IncidentAbout this happening: The **Adriatic Port Authority** suffered a **ransomware breach** that disrupted the **Italian port of Ancona** and exposed sensitive port records. The intrusion was tied to **Anub...
Miasma source code leak on GitHub
Data Leak
H score32
First: 10.06.2026 23:27
Last: 10.06.2026 23:27
Sources 1
About this happening:
The **Miasma source code** was **briefly leaked on GitHub**, exposing malware framework code that could be copied, studied, and modified by other threat actors. The exposure repor...
Miasma source code leak on GitHub
Data LeakAbout this happening: The **Miasma source code** was **briefly leaked on GitHub**, exposing malware framework code that could be copied, studied, and modified by other threat actors. The exposure repor...
Kimsuky March-April 2026 campaign against South Korean military and corporate entities
Campaign
H score38
First: 29.05.2026 08:57
Last: 29.05.2026 08:57
Sources 1
About this happening:
The **Kimsuky** campaign ran through **March and April 2026**, using **spoofed security-installation pages** and a **fake Webex lure** against **South Korean military and corporat...
Kimsuky March-April 2026 campaign against South Korean military and corporate entities
CampaignAbout this happening: The **Kimsuky** campaign ran through **March and April 2026**, using **spoofed security-installation pages** and a **fake Webex lure** against **South Korean military and corporat...
Unnamed organization stolen data published on DLS
Data Leak
H score35
First: 06.05.2026 16:00
Last: 06.05.2026 16:00
Sources 1
About this happening:
**Stolen data** from an **unnamed organization** was later posted on a **data leak site (DLS)**, confirming exposure and increasing extortion pressure. The publication followed an...
Unnamed organization stolen data published on DLS
Data LeakAbout this happening: **Stolen data** from an **unnamed organization** was later posted on a **data leak site (DLS)**, confirming exposure and increasing extortion pressure. The publication followed an...
Timeline
-
26.11.2025 16:31 1 articles · 7mo ago
Qilin leak-site publication of 10 South Korean financial victims
Initial DisclosureQilin's leak site published a first wave of 10 victims from South Korea's financial management sector on September 14, 2025, and framed the disclosures as a public-service effort to expose systemic corruption, including threats to release files described as evidence of stock market manipulation and names of well-known politicians and businessmen in Korea.
Show sources
- Qilin Ransomware Turns South Korean MSP Breach Into 28-Victim 'Korean Leaks' Data Heist — thehackernews.com — 26.11.2025 16:31
-
26.11.2025 16:31 1 articles · 7mo ago
Second Qilin publication wave escalates pressure on the Korean financial market
Victim Impact UpdateOn September 17, 2025, Qilin began a second publication wave that added nine more victims and escalated the pressure by warning that stolen data could pose a severe risk to the Korean financial market while urging South Korean authorities to investigate the case.
Show sources
- Qilin Ransomware Turns South Korean MSP Breach Into 28-Victim 'Korean Leaks' Data Heist — thehackernews.com — 26.11.2025 16:31
-
26.11.2025 16:31 1 articles · 7mo ago
Third Qilin publication wave shifts toward standard extortion language
Victim Impact UpdateOn September 28, 2025, Qilin began a third publication wave that added nine more victims and shifted the messaging from national financial-crisis themes toward language that more closely resembled its usual financially motivated extortion posts.
Show sources
- Qilin Ransomware Turns South Korean MSP Breach Into 28-Victim 'Korean Leaks' Data Heist — thehackernews.com — 26.11.2025 16:31
-
26.11.2025 16:31 2 articles · 7mo ago
Analysis links Korean Leaks to a compromised upstream MSP
Technical Analysis UpdateAnalysis tied Korean Leaks to a compromised upstream Managed Service Provider (MSP), described a single breach that enabled compromise of several downstream victims, and said the operation exposed over 1 million files and 2 TB of data across 28 victims while indicating possible Moonstone Sleet involvement alongside Qilin.
Show sources
- Qilin Ransomware Turns South Korean MSP Breach Into 28-Victim 'Korean Leaks' Data Heist — thehackernews.com — 26.11.2025 16:31
- Qilin Ransomware Turns South Korean MSP Breach Into 28-Victim 'Korean Leaks' Data Heist — thehackernews.com — 26.11.2025 16:31