LockBit allegedly publishes 100GB of data on Hanwha Group

By Kuksung Nam, The Readable
Sep. 26, 2023 8:58PM GMT+9

LockBit ransomware group is reported to have released 100GB of data linked to South Korea’s Hanwha Group just last week.

On Tuesday, LockBit’s leak site revealed that the culprits had posted the domain address of Hanwha Group’s English website on September 8. They claimed to have obtained access to over 800GB of company-related data. For context, a leak site is a website on the dark web where cybercriminals upload the information that they have stolen from their victims.

The ransomware hacking group LockBit allegedly posted 100GB of data related to Hanwha Group on its dark web leak site on September 18. Source: The Readable

LockBit, which is recognized as one of the global heavyweights in cybercrime, unveiled eight images as proof of their illicit actions. Among them is an image partially revealing a document labeled “Confidentiality Agreement.” Based on the details visible within these images, the document appears to depict an agreement made between a division of Hanwha Group’s subsidiary in China and the South Korean steel giant, POSCO, back in 2014. Additional images that the criminals showcased include an Excel spreadsheet penned in Chinese and a document captioned “Equipment Purchase and Sale Agreement” dated 2010.

On their leak site, the cybercriminals announced their intention to release the data after a set deadline of September 18. Following the stipulated date, the perpetrators did unveil 100GB of data, but it was a mere fraction—only an eighth—of the volume they initially claimed to have stolen. While The Readable attempted to access and examine the shared data, it was found to be unavailable for download.

The affiliate company of Hanwha Group informed The Readable that they were aware of the data breach prior to the hacking group’s public announcement. However, they clarified that they could not reveal any further details about the incident, such as the origin of the breach, the veracity of the stolen documents, or any potential communication that they have had with the culprits, citing an ongoing investigation into the extent of the damage.


The cover image of this article was designed by Areum Hwang.

Kuksung Nam is a journalist for The Readable. She has extensively traversed the globe to cover the latest stories on the cyber threat landscape and has been producing in-depth stories on security and privacy by engaging with industry giants, foreign government officials and experts. Before joining The Readable, Kuksung reported on politics for one of South Korea’s top-five local newspapers, The Kyeongin Ilbo. Her journalistic skills and reportage earned her the coveted Journalists Association of Korea award in 2021 for her essay detailing exclusive stories about the misconduct of a former government official. She holds a Bachelor’s degree in French from Hankuk University of Foreign Studies, a testament to her linguistic capabilities.