Menu
Browse

Cyber Threat Actor: South Korean threat actor

Actor Type Location Known Incidents
 Icon
Criminal
South Korea
1 incident
Profile

The threat actor is publicly referenced as a South Korean threat actor, with its operational base located in South Korea. Cybersecurity firm Cyble has linked this group to a series of high‑profile attacks, noting that it is responsible for previous incidents beyond the one described here. The actor is known by the alias “South Korean threat actor” in open‑source reporting, and no additional names or affiliations have been disclosed in the available sources.

In July 2020 the actor was associated with a major data breach at Religare Health Insurance, an Indian health‑insurance provider. Approximately five million records were compromised, encompassing policyholder names, contact details, dates of birth, policy numbers, financial information, employee credentials, authorization keys, password hashes, internal IP addresses, and login activity logs. Cyble identified the breach and attributed it to the South Korean threat actor group, noting that the stolen dataset was subsequently offered for sale on dark‑web marketplaces. The exposure raised concerns about potential phishing campaigns, identity theft, and financial fraud affecting the individuals whose data was leaked.

This incident illustrates the actor’s focus on the health‑insurance sector and its willingness to target organizations in India for large‑scale data exfiltration. By linking the breach to earlier high‑profile operations, the reporting suggests a pattern of targeting entities that hold substantial volumes of personal and financial information. No specific malware families, initial‑access vectors, or tooling styles are described in the provided material, and no explicit state nexus or criminal‑consortium affiliation is stated. The profile therefore remains confined to the confirmed facts of the actor’s alias, location, the Religare Health Insurance breach, and the associated dark‑web sale of the stolen data.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources