Hwacheon Machine Tool Co Ltd, a pioneering and leading South Korean manufacturer of industrial machinery, has allegedly fallen victim to a cyberattack by the Gunra ransomware group. The group claims to have exfiltrated 265GB of sensitive financial documents and has begun publishing the stolen data. Hwacheon, founded in 1952, is a globally recognized name in the machine tool industry, known for its production of CNC lathes and machining centers, and plays a significant role in South Korea’s industrial sector.
The threat actors have created a leak page that appears to show a directory of the compromised data, indicating a deep breach of the company’s financial support team’s files. The folder names, translated from Korean, suggest a wide range of sensitive financial information has been allegedly stolen. The compromised data allegedly includes documents related to the company’s finances, tax records, payment information, public announcements, internal reports, and draft documents. The leak also seems to contain personal backups and files from an internal accounting operational evaluation.
The full extent of the data breach is still being determined, but the initial leak points to a significant compromise of Hwacheon’s confidential financial information. The following is a list of the titles of the leaked data directories that have been made public:
- Financial
- Tax
- Payment
- Public Announcement
- Reports
- Drafting
- Personal Backup
- Etc./Miscellaneous
- 2nd Internal Accounting Operational-Evaluation_Financial Support Team
- Link
- New Shortcut
