[QILIN] – Ransomware Victim: Podo Asset Management


Ransomware Group: QILIN

VICTIM NAME: Podo Asset Management

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.


AI Generated Summary of the Ransomware Leak Page

On September 25, 2025, Podo Asset Management, a Korea-based financial services firm, is presented as the victim of a ransomware-related data leak on a public leak page. The page identifies the company as founded in 2018 and focused on direct investments and IPOs. It describes the incident as a data leak in which internal financial documents, contracts, and personal information belonging to investors have been exposed. The post notes that the company’s stated capital is 900 million won (approximately $650,000). The leak page features a gallery of 35 images, which appear to be screenshots or copies of internal documents; detailed contents of the images are not provided in the summary. A defanged claim URL is indicated on the page, but no ransom amount is disclosed in the text. The overall framing suggests reputational and potentially competitive harm to the company.

The leak page contains Korean-language framing and includes a note that the Korean word for “grape” is used in the company name’s etymology, employing a grape-themed metaphor to describe the company’s trajectory under pressure. The leaked materials are described as internal financial documents, contracts, and investor data, with some personal information presented in redacted form. An email contact is referenced in the narrative but has been redacted, and an FTP-like address is also shown in the excerpt but similarly redacted. While the page emphasizes data exposure and reputational risk, there is no explicit ransom figure stated. The gallery’s 35 items indicate a substantial visual record accompanying the leak claims.

In terms of scope, the post hints at broader targets within the Korean financial sector and frames the disclosure as a challenge to market integrity. Because no compromise date is listed on the leak page, the available date is the post date: September 25, 2025. All URLs are defanged and personally identifiable information is redacted in accordance with standard CTI handling, with the victim’s name preserved as requested.

