
South Korean financial-sector data leak in Qilin's Korean Leaks operation

Data Leak
H score 25
1 unique source, 1 article

Summary


The Qilin leak site published stolen data from 28 victims in South Korea's financial sector, exposing more than 1 million files and 2 TB of data. The disclosures unfolded across three publication waves between September 14 and October 4, 2025, increasing extortion pressure and broadening the public exposure of sensitive records. The operation reportedly used a compromised MSP as the initial access vector, allowing one upstream breach to reach multiple downstream victims.

Related Happenings

Unnamed organization stolen data published on DLS

Data Leak
First: 06.05.2026 16:00 Last: 06.05.2026 16:00 Sources 1

About this happening: **Stolen data** from an **unnamed organization** was later posted on a **data leak site (DLS)**, confirming exposure and increasing extortion pressure. The publication followed an...

Conpet claimed document leak

Data Leak
First: 05.02.2026 17:15 Last: 05.02.2026 17:15 Sources 1

About this happening: **Conpet** is facing a claimed **data leak** after the **Qilin ransomware gang** said it stole nearly **1TB of documents** and published sample files, raising exposure risk for in...

ShinyHunters data-leak site exposing stolen attack data

Data Leak
First: 31.01.2026 17:02 Last: 31.01.2026 17:02 Sources 1

About this happening: The **ShinyHunters** extortion gang launched a **data-leak site**, beginning to publish data tied to the theft campaign and raising the exposure risk for victims.

2025 SMB breach targeting surge in the Data Breach Observatory

Target Trend
First: 24.12.2025 13:30 Last: 24.12.2025 13:30 Sources 1

About this happening: **Small and medium-sized businesses (SMBs)** became the top cybercrime target in **2025**, shifting breach pressure toward smaller organizations that often have fewer defenses. Th...

Qilin Korean Leaks campaign targeting South Korean financial-sector organizations

Campaign
First: 26.11.2025 16:31 Last: 26.11.2025 16:31 Sources 1

How related: The campaign was given the moniker Korean Leaks by the attackers themselves.

About this happening: **Qilin** ran **Korean Leaks**, a **multi-wave** extortion campaign that hit **South Korean financial organizations** across **September-October 2025**. The operation spread throu...

Timeline

  1. 26.11.2025 16:31 1 article · 6mo ago

    Qilin leak-site publication of 10 South Korean financial victims

    Initial Disclosure

    Qilin's leak site published a first wave of 10 victims from South Korea's financial management sector on September 14, 2025, and framed the disclosures as a public-service effort to expose systemic corruption, including threats to release files described as evidence of stock market manipulation and names of well-known politicians and businessmen in Korea.

  2. 26.11.2025 16:31 1 article · 6mo ago

    Second Qilin publication wave escalates pressure on the Korean financial market

    Victim Impact Update

    On September 17, 2025, Qilin began a second publication wave that added nine more victims and escalated the pressure by warning that stolen data could pose a severe risk to the Korean financial market while urging South Korean authorities to investigate the case.

  3. 26.11.2025 16:31 1 article · 6mo ago

    Third Qilin publication wave shifts toward standard extortion language

    Victim Impact Update

    On September 28, 2025, Qilin began a third publication wave that added nine more victims and shifted the messaging from national financial-crisis themes toward language that more closely resembled its usual financially motivated extortion posts.

  4. 26.11.2025 16:31 2 articles · 6mo ago

    Analysis links Korean Leaks to a compromised upstream MSP

    Technical Analysis Update

    Analysis tied Korean Leaks to a compromised upstream Managed Service Provider (MSP) and described a single breach that enabled the compromise of several downstream victims. It said the operation exposed over 1 million files and 2 TB of data across 28 victims, and indicated possible Moonstone Sleet involvement alongside Qilin.
