Cybersecurity

Qilin Ransomware Turns South Korean Msp Breach Into 28-victim...

2025-11-26 0 views admin
Qilin Ransomware Turns South Korean Msp Breach Into 28-victim...

South Korea's financial sector has been targeted by what has been described as a sophisticated supply chain attack that led to the deployment of Qilin ransomware.

"This operation combined the capabilities of a major Ransomware-as-a-Service (RaaS) group, Qilin, with potential involvement from North Korean state-affiliated actors (Moonstone Sleet), leveraging Managed Service Provider (MSP) compromise as the initial access vector," Bitdefender said in a report shared with The Hacker News.

Qilin has emerged as one of the most active ransomware operations this year, with the RaaS crew exhibiting "explosive growth" in the month of October 2025 by claiming over 180 victims. The group is responsible for 29% of all ransomware attacks, per data from NCC Group.

The Romanian cybersecurity company said it decided to dig deeper after uncovering an unusual spike in ransomware victims from South Korea in September 2025, when it became the second-most affected country by ransomware after the U.S., with 25 cases, a significant jump from an average of about 2 victims per month between September 2024 and August 2025.

Further analysis found that all 25 cases were attributed exclusively to the Qilin ransomware group, with 24 of the victims in the financial sector. The campaign was given the moniker Korean Leaks by the attackers themselves.

While Qilin's origins are likely Russian, the group describes itself as "political activists" and "patriots of the country." It follows a traditional affiliate model, which involves recruiting a diverse group of hackers to carry out the attacks in return for taking a small share of up to 20% of the illicit payments.

One particular affiliate of note is a North Korean threat actor tracked as Moonstone Sleet, which, according to Microsoft, has deployed a custom ransomware variant called FakePenny in an attack targeting an unnamed defense technology company in April 2024.

Then, earlier this February, a significant pivot occurred when the adversary was observed delivering Qilin ransomware at a limited number of organizations. While it's not exactly clear if the latest set of attacks was indeed carried out by the hacking group, the targeting of South Korean businesses aligns with its strategic objectives.

Korean Leaks took place over three publication waves, resulting in the theft of over 1 million files and 2 TB of data from 28 victims. Victim posts associated with four other entities were removed from the data leak site (DLS), suggesting

Source: The Hacker News

🏷️ Tags

cybersecuritysecurityhackbreachransomware

More from Cybersecurity

New Microsoft Is Retiring 'send To Kindle' In Word 2026

New Microsoft Is Retiring 'send To Kindle' In Word 2026

2026-01-11 0
Complete Guide to Breachforums Hacking Forum Database Leaked, Exposing 324,000 Accounts

Complete Guide to Breachforums Hacking Forum Database Leaked, Exposing 324,000 Accounts

2026-01-10 0
Update: Spain Arrests 34 Suspects Linked To Black Axe Cyber Crime 2026

Update: Spain Arrests 34 Suspects Linked To Black Axe Cyber Crime 2026

2026-01-10 0
Latest: Ireland Recalls Almost 13,000 Passports Over Missing 'irl' Code

Latest: Ireland Recalls Almost 13,000 Passports Over Missing 'irl' Code

2026-01-10 0

Trending

1

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

2025-10-27 • 189 views
2

CVE-2025-43939: Dell Unity OS Command Injection (High)

2025-10-30 • 148 views
3

Google disputes false claims of massive Gmail data breach

2025-10-30 • 130 views
4

Microsoft: DNS outage impacts Azure and Microsoft 365 services

2025-10-30 • 88 views
5

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting

2025-11-25 • 81 views