Qilin Member Gives Two Days to South Korean Company SK Group for Ransom Payment

Published on April 10, 2025
Written by:
Vishwa Pandagle
Cybersecurity Staff Editor

SK Group, a South Korean manufacturing and services conglomerate, has been named a ransomware victim on the dark web. The Qilin ransomware group claimed responsibility for the alleged cyber attack on April 10. 

Cybersecurity Analyst Dominic Alvieri shared the threat intelligence on X. Headquartered in Seoul, SK Group is second to the Samsung Group in revenue in South Korea.

Screenshot of the dark web message by the Qilin group | Source: HackManac on X

Qilin wrote, “Over 1 TB of files downloaded from their servers. Company has 48 hours to contact us before we published the data.”

It is not clear whether Qilin was first denied a ransom and then took to the dark web to threaten and pressure the company.

Displaying knowledge about the financial investments of the targeted company, Qilin wrote that the SK Group was investing in businesses and expanding its local operations in electric vehicle batteries, life sciences, technology, and more.

Based on the currently available details, it is not clear how the hackers gained access to the 1 TB of data they claim to have stolen from the company. The ransom amount is not noted in the threat intelligence posts either.

We approached the company for a comment about the security incident. We will update this report upon receiving a response from them.

Qilin claiming the SMC Corporation cyber attack | Source: Kela

Qilin recently posted about extorting SMC Corporation, a Japanese company. They allegedly targeted the company’s European corporate and customer data. As in the SK Group breach, they exfiltrated about 1 TB of data in this incident.

Threat intelligence firm Cyble noted in its report that Qilin, also known as Agenda, offers its ransomware to other cybercriminals in exchange for a share of the ransom. The group follows a ransomware-as-a-service (RaaS) model and uses valid account details to gain initial access.

“These accounts are often obtained through leaked credentials or purchased on underground forums,” read the Cyble report.

