Korean Air Hit by Clop Ransomware
Korean Air Catering & Duty Free (KC&D), the catering arm of Korean Air that serves multiple airlines across Asia, has been targeted by the Clop ransomware gang in a major data breach affecting thousands of employees.
KC&D has formally notified its workforce about the incident and assured staff that it is implementing enhanced security measures to mitigate risks associated with the cyberattack.
According to Korea JoongAng Daily, personal data belonging to more than 30,000 employees was stolen. The compromised information reportedly includes names and bank-related details, while email addresses, postal addresses, and contact numbers were not exposed.
The breach was officially identified on November 21, 2025, after the Clop group leaked approximately 500GB of stolen data on the dark web. In line with its recent tactics, Clop did not encrypt KC&D’s systems, instead focusing solely on data exfiltration and extortion.
Clop is a well-known cybercrime group historically associated with file-encrypting ransomware. In recent years, however, it has shifted toward “pure extortion” attacks, stealing data and threatening public leaks rather than disrupting operations through encryption.
Teenagers Being Lured by Ransomware Gangs
Cybersecurity experts are warning that tech-savvy teenagers, particularly those active on gaming platforms and social media, are increasingly being targeted by ransomware gangs for recruitment.
Criminals often approach teens through casual online chats, offering fast money, flexible hours, and paid “training” in exchange for helping spread malware or phishing links. Payments are typically promised in cryptocurrency, deposited into shared or anonymous e-wallets.
The goal is to exploit teenagers’ devices as part of botnets used to distribute malware, conduct phishing campaigns, or assist in extortion operations.
High school students are especially vulnerable, as these “jobs” claim to require no prior experience. Some recruitment posts target all genders, but many specifically seek females in their mid-teens to early twenties.
Participation in such activities can lead to serious legal consequences, including imprisonment, heavy fines, or both.
One loosely organized cybercrime ecosystem involved in these tactics is known as “The Com” (short for “The Community”). Groups such as Scattered Spider, Lapsus$, and ShinyHunters are believed to collaborate within this network. While a small number of recruits are tasked with data theft, most are used for phishing, malware distribution, and digital extortion, targeting sectors such as telecommunications, retail, finance, media, fashion, and education.
Many teenagers mistakenly believe their actions are anonymous. However, law enforcement agencies now possess advanced tracking and attribution tools, often identifying suspects within days of criminal activity.
Authorities strongly advise young people to avoid fake job offers, particularly those that promise payment in cryptocurrency. Such schemes are almost always illegal, and in many cases, the crypto payments themselves are fraudulent and cannot be converted into real currency.
Join our LinkedIn group Information Security Community!
