Cybersecurity News that Matters

Cybersecurity News that Matters

LockBit allegedly publishes 100GB of data on Hanwha Group

by Kuksung Nam, Areum Hwang

Sep. 26, 2023
11:58 AM GMT+9

LockBit ransomware group is reported to have released 100GB of data linked to South Korea’s Hanwha Group just last week.

On Tuesday, LockBit’s leak site revealed that the culprits had posted the domain address of Hanwha Group’s English website on September 8. They claimed to have obtained access to over 800GB of company-related data. For context, a leak site is a website on the dark web where cybercriminals upload the information that they have stolen from their victims.

The ransomware hacking group LockBit allegedly posted 100GB of data related to Hanwha Group on its dark web leak site on September 18. Source: The Readable

LockBit, which is recognized as one of the global heavyweights in cybercrime, unveiled eight images as proof of their illicit actions. Among them is an image partially revealing a document labeled “Confidentiality Agreement.” Based on the details visible within these images, the document appears to depict an agreement made between a division of Hanwha Group’s subsidiary in China and the South Korean steel giant, POSCO, back in 2014. Additional images that the criminals showcased include an Excel spreadsheet penned in Chinese and a document captioned “Equipment Purchase and Sale Agreement” dated 2010.

On their leak site, the cybercriminals announced their intention to release the data after a set deadline of September 18. Following the stipulated date, the perpetrators did unveil 100GB of data, but it was a mere fraction—only an eighth—of the volume they initially claimed to have stolen. While The Readable attempted to access and examine the shared data, it was found to be unavailable for download.

The affiliate company of Hanwha Group informed The Readable that they were aware of the data breach prior to the hacking group’s public announcement. However, they clarified that they could not reveal any further details about the incident, such as the origin of the breach, the veracity of the stolen documents, or any potential communication that they have had with the culprits, citing an ongoing investigation into the extent of the damage.


Subscribe to our newsletter for the latest insights and trends. Tailor your subscription to fit your interests:

By subscribing, you agree to our Privacy Policy. We respect your privacy and are committed to protecting your personal data. Your email address will only be used to send you the information you have requested, and you can unsubscribe at any time through the link provided in our emails.

Stay Ahead with The Readable's Cybersecurity Insights