- SK Shieldus failed to notice a cyber attack for over a week despite receiving two intrusion warnings from attackers.
- A report from Rep. Choi Soo-jin on October 20th noted that the security firm received two warnings from an anonymous hacker group on the 10th and 13th of September.
- Over 24 gigabytes (GB) of Gmail data belonging to a technical sales worker at SK Shieldus was hacked in the incident.

In recent developments in cyberspace, SK Shieldus, a US-based security company originating from South Korea with headquarters worldwide (including the US), fell victim to a ransomware attack conducted by the hacker group BlackShrantac. SK Shieldus reportedly neglected the breach for a week, even after receiving two intrusion warnings from BlackShrantac.
BlackShrantac further published photos of some of the stolen files, proving its access to certain sensitive files of the security company.
SK Shieldus initially explained that only a digital environment (honeypot) had been attacked, but it appeared that the breach included documents associated with actual work.
SK Shieldus Ransomware Breach
SK Shieldus established a honeypot, a digital environment to attract cyber attackers, on September 26th, 2025. The company set up this system intentionally to monitor and identify hackers’ patterns.
Unfortunately, the testing process stopped when a hacker infected an employee’s personal email account with malware. BlackShrantac then used this breach to send two warning emails to SK Shieldus, but the security firm neglected them. SK Shieldus denied the claims of the breach, declaring that the honeypot environment was functioning normally.
Further investigations revealed an unforeseen vulnerability in the system, which led to BlackShrantac’s successful hack.
SK Shieldus became aware of the incident on October 17th, confirming that internal documents connected to the firm had been published on the dark web. Eventually, SK Shieldus reported the cyber attack to the Korea Internet & Security Agency (KISA), one week after receiving the warnings from the attackers.
The firm later responded to criticism over the delayed report, stating that it recognized the cyber damage on the 17th and reported the leak within 24 hours, on the 18th.
How the Attack Occurred
Investigations found that an SK Shieldus technical sales employee’s personal account had signed in automatically on a virtual machine (VM) linked to the honeypot.
Hackers stole 24 gigabytes (GB) of Gmail data belonging to an SK Shieldus technical sales employee during the incident. Reports say the leak included a large amount of work-related content, such as technical security information.
SK Shieldus is a technology firm that prioritizes mobile and web app security. The tech giant specializes in offering detailed security solutions that use Artificial Intelligence (AI) algorithms to spot and mitigate possible threats. The firm’s services include code review, vulnerability assessments, and penetration testing to help companies protect their virtual assets adequately.
Some of SK Shieldus’ clients potentially affected by the leak include SK Telecom, semiconductor companies, public institutions, and financial organizations. Thus, there is a possibility of more significant damage due to the incident.
This incident with SK Shieldus has shown the increasing need for proactive cybersecurity measures going forward.
Some of the data leaked by BlackShrantac included SK Shieldus’ security technical files, system diagrams, customer details, HR and payroll information, and API authentication keys.