LockBit ransomware group is reported to have released 100GB of data linked to South Korea’s Hanwha Group just last week.
On Tuesday, LockBit’s leak site revealed that the culprits had posted the domain address of Hanwha Group’s English website on September 8. They claimed to have obtained access to over 800GB of company-related data. For context, a leak site is a website on the dark web where cybercriminals upload the information that they have stolen from their victims.
LockBit, which is recognized as one of the global heavyweights in cybercrime, unveiled eight images as proof of their illicit actions. Among them is an image partially revealing a document labeled “Confidentiality Agreement.” Based on the details visible within these images, the document appears to depict an agreement made between a division of Hanwha Group’s subsidiary in China and the South Korean steel giant, POSCO, back in 2014. Additional images that the criminals showcased include an Excel spreadsheet penned in Chinese and a document captioned “Equipment Purchase and Sale Agreement” dated 2010.
On their leak site, the cybercriminals announced their intention to release the data after a set deadline of September 18. Following the stipulated date, the perpetrators did unveil 100GB of data, but it was a mere fraction—only an eighth—of the volume they initially claimed to have stolen. While The Readable attempted to access and examine the shared data, it was found to be unavailable for download.
The affiliate company of Hanwha Group informed The Readable that they were aware of the data breach prior to the hacking group’s public announcement. However, they clarified that they could not reveal any further details about the incident, such as the origin of the breach, the veracity of the stolen documents, or any potential communication that they have had with the culprits, citing an ongoing investigation into the extent of the damage.