Qilin ransomware
-
Qilin and Warlock ransomware groups use vulnerable drivers to disable security tools
Qilin and Warlock ransomware operators have used vulnerable drivers to disable security tools on compromised systems, according to a technical analysis by Cisco Talos and Trend Micro. The findings highlight growing use of bring-your-own-vulnerable-driver (BYOVD) tactics and in-memory evasion.
-
Romanian oil pipeline operator reports cyberattack that took website offline
Conpet reported a cyberattack that disrupted its corporate IT systems and disabled its website on Tuesday. Operational technology remained unaffected and authorities were notified. A ransomware group using the Qilin name posted files presented as proof.
-
PDFSider backdoor deployed on Fortune 100 finance firm network
A Resecurity technical analysis found PDFSider, a Windows backdoor, was used to deliver ransomware on a Fortune 100 finance firm’s network. The malware uses DLL side-loading, memory-only execution, DNS exfiltration, and AES-256-GCM encryption.
-
Qilin ransomware deployed in supply-chain attack hits South Korean financial firms
Security researchers say a supply-chain compromise of a managed service provider enabled Qilin ransomware to hit multiple South Korean financial firms in September 2025, stealing more than 1 million files and about 2 TB of data in a campaign researchers call “Korean Leaks.”
-
Qilin ransomware deployed Linux payload on Windows using BYOVD and legitimate IT tools, researchers say
Researchers report that the Qilin ransomware group has been highly active through 2025, using leaked credentials, credential-harvesting tools and legitimate remote-management software to deploy a Linux ransomware binary on Windows systems while employing BYOVD and targeting backup infrastructure.
-
Ransomware group Qilin claims 4TB data breach at Nissan CBI, leaking 3D designs and VR files
Ransomware group Qilin claims to have copied more than 4 terabytes of data from Nissan Creative Box Inc. (CBI), including 3D design data and VR files, threatening to release the material if demands are not met. Nissan has not yet commented on the claim, and experts caution that the breach, if verified, could threaten trade…
-
Inotiv ransomware attack disrupts operations as Qilin claims data theft
Inotiv, an Indiana-based contract research organization, disclosed a ransomware incident on August 8, 2025 that encrypted some systems and data, disrupting operations. The company engaged external security experts, notified law enforcement, and said it is restoring networks while a Qilin ransomware gang claims to have stolen hundreds of thousands of files and published data samples.
-
Qilin Ransomware Group Introduces Legal Counsel for Victims Amid Surge in Activity
The Qilin ransomware group has introduced a ‘Call Lawyer’ feature to their affiliate panel, providing legal assistance to victims, aiming to increase the effectiveness of their ransom demands amid a rise in cyberattack activities.
-
Lee Enterprises Data Breach Affects Nearly 40,000 Individuals
Lee Enterprises has reported a data breach affecting nearly 40,000 individuals following a ransomware attack in February 2025, leading to significant operational disruptions across its publishing network.








