IT services firm in South Asia data exposed after Spirals breach
Data Leak
Summary
Hide ▲
Show ▼
Spirals stole data from an IT services firm in South Asia, creating extortion leverage and a threat of public exposure. The intrusion moved from initial access to data theft and encryption in less than 24 hours. Attackers compromised a public-facing IIS server, uploaded an ASP.NET web shell, and later threatened to release the stolen data within six days unless paid. The fast theft-and-extortion sequence increases the risk of follow-on disclosure and pressure on the victim.
Related Happenings
IT services firm in South Asia hit by ransomware attack
Incident
H score31
First: 16.07.2026 13:00
Last: 16.07.2026 13:00
Sources 1
How related:
A new ransomware actor called Spirals completed a corporate intrusion, from initial access to data theft and encryption, in less than 24 hours.
About this happening:
The IT services firm in South Asia suffered a Spirals ransomware intrusion that moved from initial access to data theft and encryption in less than 24 hours, putti...
IT services firm in South Asia hit by ransomware attack
IncidentHow related: A new ransomware actor called Spirals completed a corporate intrusion, from initial access to data theft and encryption, in less than 24 hours.
About this happening: The IT services firm in South Asia suffered a Spirals ransomware intrusion that moved from initial access to data theft and encryption in less than 24 hours, putti...
Charter Communications hit by network compromise linked to ShinyHunters
Incident
H score70
First: 26.05.2026 22:46
Last: 26.05.2026 22:46
Sources 1
About this happening:
Charter Communications confirmed a data breach tied to ShinyHunters extortion, with the company saying it is alerting authorities and that no sensitive personal...
Charter Communications hit by network compromise linked to ShinyHunters
IncidentAbout this happening: Charter Communications confirmed a data breach tied to ShinyHunters extortion, with the company saying it is alerting authorities and that no sensitive personal...
Latest development: 29.05.2026 11:29
Have I Been Pwned analyzed leaked Charter Communications data and confirmed that the incident affected 4.9 million accounts, with exposed records including names, email addresses, job titles, phone numbers, and physical addresses. The published data also included a subset of about 85,000 records from an internal employee directory.
Unnamed organization stolen data published on DLS
Data Leak
H score35
First: 06.05.2026 16:00
Last: 06.05.2026 16:00
Sources 1
About this happening:
Stolen data from an unnamed organization was later posted on a data leak site (DLS), confirming exposure and increasing extortion pressure. The publication followed an...
Unnamed organization stolen data published on DLS
Data LeakAbout this happening: Stolen data from an unnamed organization was later posted on a data leak site (DLS), confirming exposure and increasing extortion pressure. The publication followed an...
Qilin Korean Leaks campaign targeting South Korean financial-sector organizations
Campaign
H score73
First: 26.11.2025 16:31
Last: 26.11.2025 16:31
Sources 1
About this happening:
Qilin ran Korean Leaks, a multi-wave extortion campaign that hit South Korean financial organizations across September-October 2025. The operation spread throu...
Qilin Korean Leaks campaign targeting South Korean financial-sector organizations
CampaignAbout this happening: Qilin ran Korean Leaks, a multi-wave extortion campaign that hit South Korean financial organizations across September-October 2025. The operation spread throu...
South Korean financial-sector data leak in Qilin's Korean Leaks operation
Data Leak
H score68
First: 26.11.2025 16:31
Last: 26.11.2025 16:31
Sources 1
About this happening:
The Qilin leak site published stolen data from 28 victims in South Korea's financial sector, exposing more than 1 million files and 2 TB of data. The disclosur...
South Korean financial-sector data leak in Qilin's Korean Leaks operation
Data LeakAbout this happening: The Qilin leak site published stolen data from 28 victims in South Korea's financial sector, exposing more than 1 million files and 2 TB of data. The disclosur...
Timeline
-
16.07.2026 13:00 2 articles · 1h ago
Spirals completed a corporate intrusion at an IT services firm in South Asia
Initial DisclosureSpirals breached an IT services firm in South Asia after compromising a public-facing Internet Information Services (IIS) server, then uploaded an ASP.NET web shell, bypassed User Account Control (UAC), enabled Remote Desktop, created a local account, dumped SAM and LSASS, moved laterally to more than a dozen systems, disabled Microsoft Defender and services tied to backup, database, and virtualization products, and deployed the bitsadmin.exe payload less than 24 hours after the initial compromise. The intrusion included data theft, file encryption, a ransom note named RECOVERY_SECTION.log, and a threat to expose stolen data within six days unless payment was made.
Show sources
- New Spirals ransomware encrypts victim network in under 24 hours — www.bleepingcomputer.com — 16.07.2026 13:00
- New Spirals ransomware encrypts victim network in under 24 hours — www.bleepingcomputer.com — 16.07.2026 13:00