The notorious Qilin ransomware group has added another high-profile name to its growing list of victims: SK Group, South Korea’s second-largest conglomerate and a Fortune 100 global energy and manufacturing powerhouse. The group claims to have exfiltrated over 1 terabyte of sensitive data, which it threatens to release publicly unless SK makes contact within 48 hours.
The announcement appeared on Qilin’s dark web leak portal early Thursday morning. While no file samples were provided as proof at the time of the post, the threat was clear: cooperate—or face data exposure. By Friday, Qilin updated the listing with a single image showing SK executives on a video call with a U.S. official, triggering speculation about the nature of the data, which may include business dealings, government partnerships, or internal communications.
One dark web commenter quipped under the image, “Is the U.S. investing? Interesting, of course. Now there will be many people willing to buy such information.”
SK Group, based in Seoul, operates across energy, semiconductors, telecommunications, EV batteries, biotech, and ICT, boasting 260 global affiliates and 80,000+ employees. With over $50 billion invested in the U.S. across 20 states, it’s become a strategic player in American industry—and now a lucrative target for extortion.
This attack marks another escalation in Qilin’s 2025 offensive, which includes previous attacks on England’s Synnovis Labs, the Houston Symphony, Detroit’s PBS, and Lee Enterprises, a major U.S. newspaper chain. According to Ransomlooker, Qilin has clocked 256 confirmed victims, a one-third jump in less than two months.
Operating under a ransomware-as-a-service (RaaS) model, Qilin specializes in double extortion, demanding payment not just for decryption but also to prevent the leak of sensitive files. Its arsenal includes AI-enhanced phishing kits, obfuscation tools, and supply chain exploits.
Cyber analysts say this claim—if proven true—could mark Qilin’s largest data breach to date, potentially exposing intellectual property, trade secrets, and diplomatic or governmental interactions.
SK Group has not publicly confirmed the breach, and U.S. representatives have not responded to inquiries. However, if the threat proves credible, the implications may stretch beyond corporate loss—possibly spilling into national economic security and geopolitical friction.
As Qilin solidifies itself as a top-tier ransomware actor, this event underscores the evolving threat of state-adjacent cybercriminal networks and their growing presence across darknet intelligence markets.