Korgene

Primary URL: korgene[.]com
Industry: Healthcare
Profile

Korgene operates as a malicious cyber threat actor group targeting organizations, specifically within the healthcare sector. Their activities focus on compromising the security of entities holding sensitive personal and medical information. The group demonstrates a particular interest in healthcare diagnostic firms operating in the United States market. Their primary objective involves gaining unauthorized access to protected systems and data.

A confirmed incident attributed to Korgene occurred on November 1, 2025. This cyberattack impacted a United States-based healthcare diagnostic company. The breach resulted in the compromise of sensitive data belonging to approximately 140,000 individuals. This incident exemplifies Korgene's operational focus on exploiting vulnerabilities within critical healthcare infrastructure to exfiltrate large volumes of protected health information and personally identifiable data. The scale of this breach underscores the significant risk Korgene poses to patient privacy and healthcare operational continuity.

Korgene functions as an external threat actor with no legitimate business operations or services. The group's distinguishing attribute is its specialization in conducting cyber intrusions against healthcare providers and associated diagnostic services. Their modus operandi involves leveraging cybersecurity weaknesses to access and steal sensitive data for likely criminal purposes, such as extortion or fraud. Publicly available information does not detail the group's internal structure, specific technical capabilities beyond intrusion and data theft, or any affiliations with other entities. Their activities position them as a persistent cybersecurity threat to the medical sector.

Incidents
1 incident