Find notable cyber news and cases, enriched with sources, timelines, and signals.

IT services firm in South Asia data exposed after Spirals breach

Data Leak
First reported
Last updated
Happening score
H score 31
1 unique sources, 1 articles

Summary

Hide ▲

Spirals stole data from an IT services firm in South Asia, creating extortion leverage and a threat of public exposure. The intrusion moved from initial access to data theft and encryption in less than 24 hours. Attackers compromised a public-facing IIS server, uploaded an ASP.NET web shell, and later threatened to release the stolen data within six days unless paid. The fast theft-and-extortion sequence increases the risk of follow-on disclosure and pressure on the victim.

Related Happenings

IT services firm in South Asia hit by ransomware attack

Incident
H score31 First: 16.07.2026 13:00 Last: 16.07.2026 13:00 Sources 1

How related: A new ransomware actor called Spirals completed a corporate intrusion, from initial access to data theft and encryption, in less than 24 hours.

About this happening: The IT services firm in South Asia suffered a Spirals ransomware intrusion that moved from initial access to data theft and encryption in less than 24 hours, putti...

Charter Communications hit by network compromise linked to ShinyHunters

Incident
H score70 First: 26.05.2026 22:46 Last: 26.05.2026 22:46 Sources 1

About this happening: Charter Communications confirmed a data breach tied to ShinyHunters extortion, with the company saying it is alerting authorities and that no sensitive personal...

Latest development: 29.05.2026 11:29

Have I Been Pwned analyzed leaked Charter Communications data and confirmed that the incident affected 4.9 million accounts, with exposed records including names, email addresses, job titles, phone numbers, and physical addresses. The published data also included a subset of about 85,000 records from an internal employee directory.

Unnamed organization stolen data published on DLS

Data Leak
H score35 First: 06.05.2026 16:00 Last: 06.05.2026 16:00 Sources 1

About this happening: Stolen data from an unnamed organization was later posted on a data leak site (DLS), confirming exposure and increasing extortion pressure. The publication followed an...

Qilin Korean Leaks campaign targeting South Korean financial-sector organizations

Campaign
H score73 First: 26.11.2025 16:31 Last: 26.11.2025 16:31 Sources 1

About this happening: Qilin ran Korean Leaks, a multi-wave extortion campaign that hit South Korean financial organizations across September-October 2025. The operation spread throu...

South Korean financial-sector data leak in Qilin's Korean Leaks operation

Data Leak
H score68 First: 26.11.2025 16:31 Last: 26.11.2025 16:31 Sources 1

About this happening: The Qilin leak site published stolen data from 28 victims in South Korea's financial sector, exposing more than 1 million files and 2 TB of data. The disclosur...

Timeline

  1. 16.07.2026 13:00 2 articles · 1h ago

    Spirals completed a corporate intrusion at an IT services firm in South Asia

    Initial Disclosure

    Spirals breached an IT services firm in South Asia after compromising a public-facing Internet Information Services (IIS) server, then uploaded an ASP.NET web shell, bypassed User Account Control (UAC), enabled Remote Desktop, created a local account, dumped SAM and LSASS, moved laterally to more than a dozen systems, disabled Microsoft Defender and services tied to backup, database, and virtualization products, and deployed the bitsadmin.exe payload less than 24 hours after the initial compromise. The intrusion included data theft, file encryption, a ransom note named RECOVERY_SECTION.log, and a threat to expose stolen data within six days unless payment was made.

    Show sources