South Korea’s financial sector was targeted in a sophisticated supply chain attack involving Qilin ransomware, linked to North Korean threat actors. The campaign, called “Korean Leaks,” involved data leaks, propaganda, and financial extortion, highlighting vulnerabilities in MSP security.
Key points
- The attack was part of a supply chain operation using a compromised Managed Service Provider (MSP).
- Qilin ransomware claimed over 180 victims in October 2025, making up 29% of attacks this year.
- The “Korean Leaks” campaign involved data theft, propaganda, and political messaging aimed at South Korea’s financial sector.
- Threat actors, including North Korean group Moonstone Sleet, are involved in deploying ransomware variants like FakePenny.
- Organizations are advised to enforce multi-factor authentication (MFA), restrict access according to the principle of least privilege (PoLP), and segment sensitive systems to mitigate risks.
Read More: https://thehackernews.com/2025/11/qilin-ransomware-turns-south-korean-msp.html