Ggumim
| Primary URL | Location | Industry |
|---|---|---|
| ggumim[.]co[.]kr | Country: South Korea | Technology |
Profile
Ggumim, operating under that alias with headquarters in South Korea, gained notoriety through its involvement in a significant cybersecurity incident in May 2020. The group demonstrated capabilities in breaching corporate systems and exfiltrating sensitive user data, as evidenced by their coordinated leak of over 73 million records across 11 companies. This operation involved compromising private source code repositories through unauthorized access to Microsoft's GitHub account, showcasing technical proficiency in exploiting development infrastructure vulnerabilities. The stolen databases appeared on dark web marketplaces with asking prices between $1,500 and $3,500 per dataset, indicating commercial motives behind the data theft.
The incident highlighted Ggumim's focus on large-scale data harvesting and monetization through underground channels. Their actions compromised confidentiality across multiple organizations simultaneously, suggesting strategic targeting rather than opportunistic attacks. The group's operational security allowed them to maintain control over the stolen information while negotiating sales, reflecting organized criminal enterprise characteristics. This breach underscored critical vulnerabilities in how companies protect source code repositories and user databases, particularly when third-party platforms serve as access points.
While the organization's internal structure remains undocumented in available sources, its demonstrated ability to coordinate multi-company breaches positions it among sophisticated cybercriminal entities. The lack of subsequent public attribution for this incident suggests effective evasion techniques or potential gaps in forensic investigation pathways. The compromise of major technology providers' development environments revealed systemic risks in supply chain security that extend beyond immediate victim organizations.
