Qilin Ransomware Strikes Globally: Asahi and South Korean Financial Sector Hit in Major Campaigns
Summary
This cybersecurity brief for November 29, 2025, covers a series of high-impact attacks led by the Qilin ransomware group, including a massive data breach at Japanese beverage giant Asahi affecting nearly 2 million individuals and a sophisticated supply-chain attack that compromised 28 South Korean financial firms. Additional major events include espionage campaigns by APT groups Bloody Wolf and APT36, data breaches at Under Armour and DoorDash, and a cloud misconfiguration incident at Oracle. The period was marked by significant ransomware activity, nation-state espionage, and supply chain vulnerabilities.
Today's New Articles
Asahi Confirms Qilin Ransomware Breach Exposed Data of Nearly 2 Million
Japanese beverage giant Asahi Group Holdings has confirmed a September 2025 ransomware attack by the Qilin group resulted in a massive data breach affecting 1.914 million individuals. The breach exposed the personal information of customers, employees, and bus...
Qilin's "Korean Leaks" Hits 28 Financial Firms via MSP Supply Chain Attack
The Qilin ransomware group has executed a devastating supply-chain attack, dubbed "Korean Leaks," by breaching GJTec, a South Korean managed service provider (MSP). This single point of failure allowed the attackers to compromise at least 28 of the MSP's downs...
TryHackMe Apologizes for All-Male Panel After Community Backlash
Cybersecurity training platform TryHackMe issued a public apology on November 28, 2025, after announcing an all-male list of 18 industry helpers for its popular "Advent of Cyber" event. The omission sparked significant backlash from the cybersecurity community...
Pakistan-linked APT36 Targets Indian Government with New Linux Malware
The Pakistan-based threat group APT36, also known as Transparent Tribe, is conducting an active cyber-espionage campaign against Indian government entities. A CYFIRMA report published on November 29, 2025, details the group's use of a new Python-based malware...
North Korea's Cybercrime is Statecraft, Report Warns
A strategic intelligence report published by CYFIRMA on November 28, 2025, analyzes North Korea's increasing reliance on cybercrime as a core instrument of its statecraft. The report's release is timely, following Russia's 2024 veto that disbanded the UN Panel...
Under Armour Investigates Ransomware Attack, Data Theft Claims
Athletic apparel giant Under Armour is investigating a ransomware attack that has impacted its internal corporate systems. According to a report from November 28, 2025, an unidentified ransomware group has claimed responsibility and alleges it has exfiltrated...
DoorDash Discloses Another Breach via Third-Party Vendor
Food delivery service DoorDash disclosed another data breach on November 27, 2025, resulting from a compromise at an unnamed third-party service provider. The incident, reported on November 28, exposed information belonging to both customers and delivery drive...
Oracle Cloud Misconfiguration Exposes Customer Data
Oracle has reported a data breach stemming from misconfigured resources within its own Oracle Cloud Infrastructure (OCI). The incident, first noted on November 13 and analyzed in a report on November 28, 2025, allowed external, unauthorized access to a portion...
MaaS Provider TAG-150 Distributes Modular Loader and RAT
A Malware-as-a-Service (MaaS) provider, tracked as TAG-150, has been identified operating a campaign active since at least March 2025. According to a threat intelligence report from November 29, 2025, the group is distributing a modular loader that delivers a...