📄 Original Report (PDF): Download EQST Insight 2026 March →
SK Shieldus’s EQST (Experts, Qualified Security Team) has released its March 2026 monthly threat intelligence report, covering three critical topics: a landmark update to Korea’s personal data protection law, an encryption flaw discovered in the Green Blood ransomware, and a newly disclosed one-click remote code execution vulnerability in OpenClaw.
Headline: Strengthened Personal Information Protection Act (PIPA) Amendment
The National Assembly passed a significantly strengthened amendment to Korea’s Personal Information Protection Act (PIPA). The revised legislation tightens requirements around data breach notifications, consent management, and cross-border data transfers. Organisations operating in Korea must now move quickly to align their data governance programs with the stricter obligations. Key changes include mandatory 72-hour breach notification windows, enhanced rights for data subjects, and stiffer administrative penalties for non-compliance. EQST analysts note that security teams should audit their incident response playbooks and data inventory practices in light of these changes.
Keep Up with Ransomware: Green Blood Encryption Key Flaw
EQST researchers identified a vulnerability in the encryption key management mechanism of the Green Blood ransomware family. Unlike mature ransomware operations that use asymmetric key exchange to protect victims’ decryption keys, Green Blood was found to generate and store its encryption keys in a way that allows them to be partially recovered under certain conditions. The research team has been working with law enforcement to develop a decryption tool for affected organisations. This finding underscores the importance of analysing ransomware binaries thoroughly; even sophisticated-sounding threat actors can introduce critical implementation errors that provide victims with a path to recovery.
Research & Technique: OpenClaw 1-Click RCE Vulnerability
EQST’s vulnerability research team disclosed a one-click remote code execution vulnerability in OpenClaw, a widely used open-source network analysis tool. By convincing a user to open a specially crafted project file or click a malicious link within the application interface, an attacker can execute arbitrary code with the privileges of the current user. The vulnerability stems from insufficient input validation in OpenClaw’s file parsing engine. A patch has been issued and users are strongly encouraged to update immediately. Organisations should also review their software update policies to ensure third-party security tooling is kept current.
Source: SK Shieldus EQST Insight, March 2026 — skshieldus.com