Which South Korean asset management companies were affected by the Qilin ransomware attack?

Impacted companies include VANCHOR Asset Management, APEX Asset Management, Majesty Asset Management Co., Melon Asset Management Co., LX Asset Management, Human and Bridge Asset Management, Awesome Asset Management Co., Klarman Asset Management, and Pollex Asset Management Co., among others.

How did the Qilin ransomware group breach the South Korean asset management firms?

The attack occurred through a breach of an IT subcontractor's cloud server that was used mostly by local small and medium-sized private equity funds. The ransomware group gained access to this shared infrastructure, allowing them to compromise multiple asset management firms simultaneously.

What type of data was exposed in the Korean Leak cyberattack?

The exposed data includes tax-related documents, employee data and personal information, personal information of investors and clients, financial reports and customer lists, investment strategies and forecasts, corporate budgets and contracts, account statuses and portfolio information, and internal communications and strategic documents.

How much data did Qilin steal from VANCHOR Asset Management?

VANCHOR Asset Management reportedly suffered the loss of 27 gigabytes of data, including thousands of investor records, account statuses, and long-term strategy documents according to the ransomware group's claims.

What is South Korea's response to the Korean Leak cyberattack?

South Korea's Financial Supervisory Service (FSS) has begun a coordinated investigation with the National Police Agency's Cyber Bureau and is working with international partners, including Interpol. As of Monday, no confirmed cases of monetary damage or stolen credit information have been reported.

How many individuals were affected by the Korean Leak data breach?

The number of affected individuals has not been disclosed by authorities or the affected companies. The breach involved approximately 20 asset management firms and their clients and investors, but specific numbers remain undisclosed.

Incident

Qilin ransomware gang steals data of Korean funds after breaching IT subcontractor

Q: What is the 'Korean Leak' cyberattack by Qilin ransomware group?

The 'Korean Leak' is a cyberattack claimed by the ransomware group Qilin that compromised data from approximately 20 asset management firms in South Korea through a breach of an IT subcontractor's cloud server. The incident occurred in early September 2025 and was publicly claimed by Qilin on September 14, 2025.

Q: Has there been confirmed financial damage from the Korean Leak cyberattack?

According to South Korea's Financial Supervisory Service (FSS), as of Monday, no confirmed cases of monetary damage or stolen credit information have been reported from the Korean Leak cyberattack, though investigations are ongoing.

published: Sept. 22, 2025

Learn More

A cyberattack claimed by the ransomware group Qilin has compromised data from approximately 20 asset management firms in South Korea through a breach of an IT subcontractor's cloud server.

Qilin has dubbed the attack the "Korean Leak" campaign. The incident occurred in early September 2025, when a cloud server maintained by an IT subcontractor and used mostly by local small and medium-sized private equity funds hacked.

The attack was publicly claimed by Qilin on September 14, 2025, when the ransomware group began posting victim profiles on their dark web leak site, accompanied by samples of exfiltrated data. The breached IT subcontractor is not named.

Exposed data includes:

Tax-related documents
Employee data and personal information
Personal information of investors and clients
Financial reports and customer lists
Investment strategies and forecasts
Corporate budgets and contracts
Account statuses and portfolio information
Internal communications and strategic documents

Impacted companies include:

VANCHOR Asset Management reportedly suffered the loss of 27 gigabytes of data, including thousands of investor records, account statuses, and long-term strategy documents
APEX Asset Management
Majesty Asset Management Co.
Melon Asset Management Co.
LX Asset Management
Human and Bridge Asset Management
Awesome Asset Management Co.
Klarman Asset Management
Pollex Asset Management Co.

Hackers claim to have seized evidence of stock market manipulation at LX Asset Management, as well as collusion between Human and Bridge Asset Management and Majesty Asset Management.

The number of affected individuals has not been disclosed by authorities or the affected companies.

South Korea's Financial Supervisory Service (FSS) stated that, as of Monday, no confirmed cases of monetary damage or stolen credit information have been reported. Regulators have begun a coordinated investigation with the National Police Agency's Cyber Bureau and are working with international partners, including Interpol.

Qilin ransomware gang steals data of Korean funds after breaching IT subcontractor

Read More
Renault reports that UK customer data was exposed …
OpenAI reports third party data breach affecting API …
Cylance reports data breach caused by a 'Third-Party …
Swiss Air Force documents exposed via cyber attack …
North Mississippi Health Services reports MOVEit related data …