Qilin Ransomware Group Attacks South Korea: Data of 20 Asset Managers Stolen

In early September, South Korea experienced a major cyberattack that affected nearly twenty asset management firms. According to industry sources, the breach was carried out through a cloud server belonging to an IT contractor, a platform predominantly used by small and mid-sized private equity funds. Responsibility for the attack was claimed by the Qilin group, notorious for its ransomware campaigns.

The hackers declared that they had stolen corporate tax records, employee information, and investors’ personal data. However, South Korean financial regulators emphasized that there is, as yet, no evidence of leaked credit information that could result in direct financial losses. Oversight authorities noted that they had been alerted to the situation in advance and continue to monitor developments closely.

This incident represents yet another link in the chain of large-scale assaults on the nation’s financial sector. Previously, cybercriminals targeted Lotte Card—the fifth-largest credit card issuer in South Korea—compromising the data of roughly three million customers. The latest breach attributed to Qilin underscores a troubling trend: attackers are increasingly exploiting contractors and third-party services as vulnerable gateways to access sensitive data across multiple organizations simultaneously.

Support Our Threat Intelligence

If you find our technology report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal Crypto

USDT (TRC20):

TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm Copy

USDT (ERC20):

0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce Copy