Qilin
Synnovis notifies of data breach after 2024 ransomware attack
Synnovis, a leading UK pathology services provider, is notifying healthcare providers that a data breach occurred following a ransomware attack in June 2024, which resulted in the theft of some patients’ data. Founded in 2021, Synnovis is a partnership between international medical diagnostics provider SYNLAB, Guy’s and St Thomas’ NHS Foundation Trust, and King’s College Hospital NHS Foundation Trust. It […]
Qilin ransomware abuses WSL to run Linux encryptors in Windows
The Qilin ransomware operation was spotted executing Linux encryptors in Windows using Windows Subsystem for Linux (WSL) to evade detection by traditional security tools. The ransomware first launched as “Agenda” in August 2022, rebranding to Qilin by September and continuing to operate under that name to this day. Qilin has become one of the most […]
Qilin ransomware claims Asahi brewery attack, leaks data
The Qilin ransomware group has claimed the attack on Japanese beer giant Asahi by adding the company to the list of victims on its data leak site. The threat actor claims to have exfiltrated more than 9,300 files in 27GB of data. As proof of the theft, the hackers published 29 images showing internal financial documents, employee […]
Nissan confirms design studio data breach claimed by Qilin ransomware
Nissan Japan has confirmed to GeekFeed that it suffered a data breach following unauthorized access to a server of one of its subsidiaries, Creative Box Inc. (CBI). This came in response to the Qilin ransomware group’s claims that they had stolen four terabytes of data from CBI, including 3D vehicle design models, internal reports, financial […]
Europol confirms $50,000 Qilin ransomware reward is fake
Europol has confirmed that a Telegram channel impersonating the agency and offering a $50,000 reward for information on two Qilin ransomware administrators is fake. The impostor later admitted it was created to troll researchers and journalists. “We were also surprised to see this story gaining traction,” Europol told GeekFeed on Monday. “The announcement didn’t come […]
Pharma firm Inotiv says ransomware attack impacted operations
American pharmaceutical company Inotiv has disclosed that some of its systems and data have been encrypted in a ransomware attack, impacting the company’s business operations. In a filing to the U.S. Securities and Exchange Commission (SEC), Inotiv says that the cyberattack occurred on August 8 and that it took action to contain the breach. “On August 8, 2025, […]
Critical Fortinet flaws now exploited in Qilin ransomware attacks
The Qilin ransomware operation has recently joined attacks exploiting two Fortinet vulnerabilities that allow bypassing authentication on vulnerable devices and executing malicious code remotely. Qilin (also tracked as Phantom Mantis) surfaced in August 2022 as a Ransomware-as-a-Service (RaaS) operation under the “Agenda” name and has since claimed responsibility for over 310 victims on its dark […]
Media giant Lee Enterprises says data breach affects 39,000 people
Publishing giant Lee Enterprises is notifying nearly 40,000 people whose personal information was stolen in a February 2025 ransomware attack. As one of the largest newspaper groups in the United States, Lee Enterprises publishes 77 daily newspapers and 350 weekly and specialty publications across 26 states. The local news provider’s newspapers have a daily circulation […]
Kickidler employee monitoring software abused in ransomware attacks
Ransomware operations are using legitimate Kickidler employee monitoring software for reconnaissance, tracking their victims’ activity, and harvesting credentials after breaching their networks. In attacks observed by cybersecurity companies Varonis and Synacktiv, Qilin and Hunters International ransomware affiliates installed Kickidler, an employee monitoring tool that can capture keystrokes, take screenshots, and create videos of the screen. Kickidler’s developer says the tool […]
Microsoft: North Korean hackers join Qilin ransomware gang
Microsoft says a North Korean hacking group tracked as Moonstone Sleet has deployed Qilin ransomware payloads in a limited number of recent attacks. “Since late February 2025, Microsoft has observed Moonstone Sleet, a North Korean state actor, deploying Qilin ransomware at a limited number of orgs,” the company’s threat intelligence experts said this week. “Moonstone Sleet has […]