LockBit gang threatens to leak data of Korean conglomerate Hanwha

Lockbit has issued an announcement that it will publicly release over 800 GB of data belonging to the South Korean conglomerate, Hanwha, within the next seven days if a ransom is not paid. This announcement was made on September 8 through its darknet leak site, accompanied by a sample of documents to validate the legitimacy of the data.

Hanwha has not issued any information about the breach.

Hanwha, a significant chaebol (family-run conglomerate) in South Korea, operates in various sectors, including solar energy, aerospace, travel, and defense. While the potential data leak from such a prominent company could make major headlines, the information currently on display appears less impactful than LockBit suggests.

Of the documents shared, only one, likely a blueprint or layout, dates from the recent year 2020, while the remaining seven documents range from 2009 to 2014. These documents are related to Hanwha SolarOne, a division that no longer seems to exist. Hanwha now operates its solar energy business under the Q Cell brand, and there is no apparent mention of the modern incarnation in the leaked data.

The exposed data includes shipping insurance details, purchase agreements, and confidentiality contracts. Additionally, a screenshot of the directory reveals numerous folders, potentially containing financial, logistical, and human resources information. One folder is labeled "Sonarone," suggesting the possibility of more recent Hanwha operations.

In total, the data comprises 864 gigabytes, encompassing 704,372 files, according to the screenshot provided. LockBit has not disclosed the specific ransom amount they seek to extort from Hanwha, leaving the company and cybersecurity experts to assess the situation.