qilin

Recent cybersecurity incidents have severely impacted the South Korean financial sector, as the Qilin ransomware group successfully infiltrated the systems of 28 financial institutions by attacking a managed service provider (MSP), stealing over 1 million documents and 2 TB of data. The attackers have named this incident "Korean Leaks," which was carried out in three waves, primarily targeting South Korean asset management companies.Security experts suspect that this attack may be linked to the North Korean hacker group Moonstone Sleet. When the attackers posted information on the data leak website, they not only demanded a ransom but also claimed to expose "systemic corruption" and "evidence of stock market manipulation," attempting to create panic in the South Korean financial market.

According to The Hacker News, the Qilin ransomware group launched a "Korean Leaks" supply chain attack by breaching the South Korean IT service provider GJTec, resulting in 28 financial companies being affected and over 1 million files totaling 2 TB of data being stolen.Bitdefender's investigation found that this operation is linked to the North Korean-backed APT "Moonstone Sleet," suspected of collaborating with the Russian-speaking Qilin group, aiming to exert pressure on the South Korean financial market.