Qilin

  • Blog

    North Korean hackers join Qilin ransomware gang

    Microsoft says a North Korean hacking group tracked as Moonstone Sleet has deployed Qilin ransomware payloads in a limited number of recent attacks. “Since late February 2025, Microsoft has observed Moonstone Sleet, a North Korean state actor, deploying Qilin ransomware at a limited number of orgs,” the company’s threat intelligence experts said this week. “Moonstone Sleet has previously exclusively deployed their…

  • Blog

    Qilin ransomware claims attack at Lee Enterprises, leaks stolen data

    The Qilin ransomware gang has claimed responsibility for the attack at Lee Enterprises that disrupted operations on February 3, leaking samples of data they claim was stolen from the company. The threat actors have now threatened to leak all the allegedly stolen data on March 5, 2025, unless a ransom demand is paid. Lee Enterprises is a US-based media company that…

  • Blog

    Ransomware gang Qilin claims responsibility for cyber attack on newspaper giant Lee Enterprises

    Ransomware group Qilin today claimed responsibility for a February 3, 2025 cyber attack on Lee Enterprises. The attack disrupted many of the company’s 70-plus newspapers and other publications. Lee Enterprises has not verified Qilin’s claim. In an SEC disclosure filed on February 12, the company said, “threat actors unlawfully accessed the Company’s network, encrypted critical applications, and exfiltrated certain files.”…

  • Blog

    Ransomware gang Qilin claims cyber attack on Aiken Electric Cooperative – 4.6K+ affected

    Ransomware gang Qilin has added South Carolina utility company Aiken Electric Cooperative, Inc. to its data leak site. It claims to have stolen over 500GB of data. This follows confirmation of a cyber attack and subsequent data breach from Aiken Electric at the start of September. In its notification, Aiken Electric stated: “On September 1, 2024, Aiken Electric detected unusual…

  • Blog

    New Qilin ransomware encryptor features stronger encryption, evasion

    A new Rust-based version of the Qilin (Agenda) ransomware strain, dubbed ‘Qilin.B,’ has been spotted in attacks, featuring stronger encryption, better evasion from security tools, and the ability to disrupt data recovery mechanisms. Qilin.B was spotted by security researchers at Halcyon, who warned about the threat and shared indicators of compromise to help with early detection. Qilin updates its encryptor…

  • Blog

    Qilin ransomware now steals credentials from Chrome browsers

    The Qilin ransomware group has been using a new tactic, deploying a custom stealer to steal account credentials stored in the Google Chrome browser. The credential-harvesting technique has been observed by the Sophos X-Ops team during incident response engagements and marks an alarming change on the ransomware scene. Attack overview: The attack that Sophos researchers analyzed started with Qilin gaining access…
