March 7, 2026

PBX Science

VoIP & PBX, Networking, DIY, Computers.

Qilin Ransomware Group Launches Massive “Korean Leak” Campaign Against Financial Sector


Major Supply Chain Attack Compromises 19 South Korean Asset Management Companies

September 28, 2024 – A sophisticated Russian-affiliated ransomware group called Qilin has claimed responsibility for a sweeping cyberattack dubbed “Korean Leak,” targeting South Korea’s financial sector and compromising sensitive data from at least 19 asset management companies over the past month.


Scale and Method of Attack

The Qilin ransomware group executed what cybersecurity experts are calling a devastating supply chain attack, infiltrating an IT service provider’s cloud infrastructure rather than targeting individual companies.

This strategic approach allowed the hackers to access massive amounts of data from multiple firms simultaneously, maximizing their impact while minimizing their effort.

According to South Korean cybersecurity firm SK Shieldus and Dubai-based threat intelligence company Hackmanac, the attack has resulted in the theft of extensive personal and financial information from thousands of investors, employees, and clients across the affected companies.


Compromised Organizations

Hackmanac revealed on September 15 through their X (formerly Twitter) account that the affected companies include:

  • Bencore Investments
  • Apex Asset Management
  • Majesty Asset Management
  • Melon Asset Management
  • Taurus Asset Management
  • LX Asset Management
  • Human and Bridge Asset Management
  • Awesome Asset Management
  • Claraman Asset Management
  • Forex Asset Management
  • ST Asset Management Co.
  • Broad High Asset Management
  • EOS Asset Management
  • Orum Asset Management
  • Dblock Asset Management Co.

Additional companies are believed to be affected, with the total count reaching 19 according to the group’s claims.


Data Breach Details

The stolen information represents a comprehensive compromise of both personal and corporate data, including:

  • Customer identification documents
  • Corporate beneficial ownership records
  • Family relationship certificates
  • Employee resumes and personal records
  • Bank account information and portfolio details
  • National identification numbers (similar to Social Security numbers)
  • Investment contracts and financial statements
  • Internal corporate strategic documents

Particularly concerning are Qilin’s claims that they have obtained data on prominent business figures and politicians, raising potential national security implications.


Escalation Pattern

This attack represents a significant escalation in Qilin’s operations in South Korea.

The group first demonstrated its capabilities in August by targeting Welcome Financial Group, a major financial holding company.

Following that success, Qilin has now warned of plans to release data from “dozens more Korean financial companies,” suggesting this campaign is far from over.


Dark Web Extortion Campaign

True to ransomware group tactics, Qilin has begun releasing sample data on dark web platforms to pressure victims into paying ransoms.

The leaked samples serve as proof of their access and as intimidation tactics, demonstrating the group’s ability to expose highly sensitive personal and financial information.


Security Expert Warnings

SK Shieldus has issued stark warnings about the potential for secondary attacks, stating that the compromised data – particularly the inclusion of national identification numbers and detailed personal information – creates significant risks for phishing attacks, identity theft, and other forms of cybercrime targeting the affected individuals.


Rising Threat Landscape

Recent cybersecurity reports indicate that Qilin has emerged as one of the most active ransomware groups globally, with over 790 known victims according to ransomware tracking platforms.

The group’s sophisticated tactics and focus on high-value targets in the financial sector highlight the evolving nature of cybercrime threats facing critical infrastructure.


Industry Impact

The attack underscores vulnerabilities in South Korea’s financial technology ecosystem, particularly around third-party IT service providers that handle sensitive data for multiple organizations.

The successful supply chain attack methodology employed by Qilin demonstrates how a single point of compromise can cascade across numerous organizations.


Response and Investigation

South Korean authorities and cybersecurity firms are actively investigating the breach, working to assess the full scope of compromised data and implement protective measures for affected individuals and organizations.

The incident has prompted urgent discussions about enhanced cybersecurity protocols for financial service providers and their technology partners.

As the situation continues to develop, cybersecurity experts warn that this attack may represent a new phase in ransomware operations targeting Asia’s financial sector, with potential implications for regional economic stability and investor confidence.


This story is developing, and additional information will be updated as investigations proceed.

 

