HackerFeeds
All ransomware incidents
urg.co.kr

Ransomware group nova hits URG OEM

MEDIUM
·Manufacturing·KR·2026-05-17

URG OEM — a manufacturing target operating in KR has been listed by the nova ransomware group on 2026-05-17. The information below reflects what the threat actor has publicly claimed on their leak site; the details have not been independently verified.

Incident Report

Target OrganizationURG OEM
Threat Group
nova
Summaryurg.co.kr - URG was founded with a sincere desire to provide solutions for customers facing skin concerns. Starting in 1990 with the launch of Shangpree Spa, the company not only delivered high-quality products to customers but also set a new standard for luxury service in the skincare industry—establishing itself as a leading premium spa brand. Building on over 30 years of tradition and expertise, URG has since launched a variety of skincare brands, gaining recognition both domestically and internationally.
Date of Breach2026-05-17
Discovery Date2026-05-17
RegionKR
Target Domainurg.co.kr
Business SectorManufacturing
Severity
MEDIUM

Claim by nova

urg.co.kr - URG was founded with a sincere desire to provide solutions for customers facing skin concerns. Starting in 1990 with the launch of Shangpree Spa, the company not only delivered high-quality products to customers but also set a new standard for luxury service in the skincare industry—establishing itself as a leading premium spa brand. Building on over 30 years of tradition and expertise, URG has since launched a variety of skincare brands, gaining recognition both domestically and internationally.

Posted by the nova threat actor on its public leak site. This is the group's own statement and has not been independently verified by HackerFeeds.

Sources

Victim website

urg.co.kr

Leak post (onion / Tor)

tor

http://novadmrkp4vbk2padk5t6pbxolndceuc7hrcq4mjaoyed6nxsqiuzyyd.onion/urg-oem

Open this URL in Tor Browser. Browsing leak sites carries real risk — view passively, never click further.

Disclaimer

HackerFeeds does not engage in the exfiltration, downloading, taking, hosting, viewing, reposting, or disclosure of any stolen information. All breach data reported here is sourced from publicly available threat intelligence feeds for awareness purposes only.