嗯,用户让我帮忙总结一下这篇文章的内容,控制在一百个字以内。首先,我需要通读整篇文章,抓住主要信息。 文章讲的是大韩航空的数据泄露事件。他们的餐饮和免税品供应商KC&D被黑客攻击,导致大约3万名员工的个人信息泄露。虽然客户数据没有受到影响,但公司还是采取了紧急措施,并向当局报告了此事。此外,Clop勒索软件团伙声称对此负责,他们利用了Oracle EBS的零日漏洞。 接下来,我需要把这些要点浓缩成一句话。要包括事件的主体(大韩航空)、原因(供应商被黑)、影响(员工数据泄露)、处理措施(紧急应对)以及责任方(Clop团伙)。同时要确保不超过100个字。 可能的结构是:大韩航空因供应商被黑导致员工数据泄露,已采取措施应对,并指出Clop团伙负责。 检查一下字数是否合适,确保信息准确且简洁。 </think> 大韩航空因旗下餐饮和免税品供应商KC&D遭黑客攻击,导致约3万名员工个人信息泄露,已采取紧急措施应对,并指出Clop勒索软件团伙或为责任方。 2025-12-29 14:35:13 Author: securityaffairs.com(查看原文) 阅读量:3 收藏
Korean Air discloses data breach after the hack of its catering and duty-free supplier
Pierluigi Paganini
December 29, 2025
Korean Air employee discloses a data breach after a hack of its catering and duty-free supplier, KC&D, affecting thousands of staff.
Korean Air suffered a data breach after its in-flight catering supplier Korean Air Catering & Duty-Free (KC&D) was hacked, exposing personal data of ~30,000 employees of Korean Air employees.
Korean Air is South Korea’s flag carrier and one of the largest airlines in Asia, operating passenger and cargo services worldwide. It employs around 18,000–20,000 people globally and serves destinations across multiple continents. In 2024 it carried over 23 million passengers, and in 2025 it has transported more than 16 million passengers so far. The airline operates a large modern fleet and has hubs at Seoul’s major airports, connecting numerous international and domestic routes.
The company posted an internal notice stating that KC&D had informed them of a security breach involving personal data belonging to the airline’s employees, according to sources cited by Korea JoongAng Daily.
Korean Air pointed out that no customer data appears to have been compromised by the cyber incident.
“”KC&D Service (KC&D)*,” an in-flight meal and in-flight sales company that was spun off from our company in 2020 and operates as a separate entity, was recently attacked by an external hacker group. It is understood that during this process, the personal information (names, account numbers) of our employees stored on that company’s ERP server was leaked.” reads the notice. “Our company recently learned of this after receiving the information from KC&D Service. Although this incident occurred within the management scope of an external partner company that was spun off and sold, the company takes this matter very seriously as our employees’ information is involved.”
Korean Air stated that, upon learning of the breach, it implemented emergency security measures, reported the incident to authorities, and is working to identify the scope and affected employees. The airline confirmed no additional employee data has leaked but warned staff to watch for suspicious messages. Further guidance and support will be provided, and security protocols with partners will be fully reviewed to prevent recurrence.
“Korean Air takes this incident very seriously, especially since it involves employee data, even if it originated from a third-party vendor that was sold off,” said Woo Kee-hong, vice chairman of Korean Air, in a message to employees. “We are currently focusing all our efforts on identifying the full scope of the breach and who was affected.”
Korean Air notified the relevant authorities and is investigating the incident to determine the precise scope and targets of the leak.
Korean Air did not attribute the attack to a specific threat actor, however, the Clop ransomware group has claimed responsibility for the KC&D attack in November. The group added KC&D to its Tor data leak site and already leaked the allegedly stolen data.
The Clop ransomware gang has been exploiting the critical Oracle EBS zero-day CVE-2025-61882 since early August, stealing sensitive data from numerous organizations worldwide, including Envoy Air, Harvard University, Washington Post, Logitech, University of Pennsylvania, and University of Phoenix.
Clop (aka Cl0p) is a prolific Russian-speaking ransomware-as-a-service group specializing in big-game hunting and double-extortion.
The Clop ransomware group first appeared on the threat landscape around February 2019, emerging from the TA505 cybercrime group, a financially motivated gang active since at least 2014.
Like other Russia-based threat actors, Clop avoids targets in former Soviet countries and its malware can’t be activated on a computer that operates primarily in Russian.
Operators and affiliates identify high-value targets, steal sensitive data, encrypt networks, then publish stolen files on data-leak sites to pressure victims into paying. Clop exploits zero-days and vulnerable third-party software (e.g., MOVEit, GoAnywhere, Oracle EBS), leverages initial-access brokers and automation, and uses sophisticated evasion and lateral-movement techniques to maximize impact and monetization.
Clop’s victims include Shell, British Airways, Bombardier, University of Colorado, PwC, and the BBC.
The group conducted major campaigns including:
- Accellion FTA (2020–2021): Exploited a zero-day in the file-transfer appliance to steal data from ~100 organizations.
- GoAnywhere MFT (2023): Targeted a flaw (CVE-2023-0669) to compromise over 130 organizations.
- MOVEit Transfer (2023): One of the largest ransomware campaigns in history, impacting hundreds of companies worldwide, including US and European firms, through an SQL injection zero-day (CVE-2023-34362).
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, data breach)
如有侵权请联系:admin#unsafe.sh