Ransomware Group: QILIN

VICTIM NAME: HUB ASSET MANAGEMENT Co

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

Post date: September 25, 2025. The leak page concerns HUB ASSET MANAGEMENT Co, a financial services firm listed as a victim in the KoreanLeak3 leak series. The page identifies the country as Japan (JP) and presents HUB ASSET MANAGEMENT Co as having a reported portfolio of 2.8 billion won (about $2 million). It describes the firm as pursuing an “alternative approach to investment security,” stating that investment decisions are based on scientific analysis and conservative modeling in conditions of relatively high uncertainty. The post also claims the company applies an unconventional data-security stance, stating that the strategy is “not to worry about confidentiality,” and asserts that this approach has resulted in a data breach in which the company’s work data and the personal data of all employees and investors are now publicly accessible.

The leak page includes 20 image attachments described as screenshots, which appear to support the published claims though their exact contents are not detailed in the public summary. The post implies that the stolen material may be released publicly or is already available. It provides a claim URL on the page and lists contact channels; personal contact details (such as email) are redacted in the public data, and an FTP credential is presented in redacted form. The images are hosted on onion-based addresses, defanged for public sharing, and the page’s structure is consistent with a data-leak narrative rather than a traditional encryption incident.

Notes on the disclosure: The provided excerpt does not present a specific ransom amount, and the “downloads_present” indicator is false. The record centers on HUB ASSET MANAGEMENT Co and references the leak series label (KoreanLeak3), signaling an intent to publish additional data on other Korean financial-market entities. The overall content underscores ongoing risk to the financial services sector, particularly for entities operating across borders, where employee and investor personal data may be exposed through data-leak activities.