24 matches found
Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks
Microsoft on Tuesday said it disrupted a malware-signing-as-a-service MSaaS operation that weaponized the company's Artifact Signing system to deliver malicious code and conduct ransomware and other attacks, compromising thousands of machines and networks across the world. The tech giant attribut...
Qilin EDR killer infection chain
Endpoint detection and response EDR tools are widely deployed and far more capable than traditional antivirus. As a result, attackers use EDR killers to disable or bypass them. Disabling telemetry collection process, memory, network activity limits what defenders can see and analyze. As defenders...
An overview of ransomware threats in Japan in 2025 and early detection insights from Qilin cases
In 2025, a total of 134 ransomware incidents were reported in Japan, marking a 17.5% increase compared to 2024. Among these, 22 incidents were attributed to Qilin, representing 16.4% of the total. In 2025, Qilin ransomware was highly active. Looking ahead to 2026, unless there is significant...
Qilin Ransomware Claims Data Theft from Church of Scientology
Qilin ransomware claims it stole internal data from the Church of Scientology, sharing 22 screenshots as proof. The breach remains unconfirmed by the organization...
Qilin Ransomware Turns South Korean MSP Breach Into 28-Victim 'Korean Leaks' Data Heist
South Korea's financial sector has been targeted by what has been described as a sophisticated supply chain attack that led to the deployment of Qilin ransomware. "This operation combined the capabilities of a major Ransomware-as-a-Service RaaS group, Qilin, with potential involvement from North...
Qilin Ransomware Combines Linux Payload With BYOVD Exploit in Hybrid Attack
The ransomware group known as Qilin aka Agenda, Gold Feather, and Water Galura has claimed more than 40 victims every month since the start of 2025, barring January, with the number of postings on its data leak site touching a high of 100 cases in June. The development comes as the...
Uncovering Qilin attack methods exposed through multiple cases
In the second half of 2025, the ransomware group Qilin has continued to publish victim information on its leak site at a pace of more than 40 cases per month, making it one of the most impactful ransomware groups worldwide. The manufacturing sector has been the most affected, followed by...
LockBit, Qilin, and DragonForce Join Forces to Dominate the Ransomware Ecosystem
Three prominent ransomware groups DragonForce, LockBit, and Qilin have announced a new strategic ransomware alliance, once underscoring continued shifts in the cyber threat landscape. The coalition is seen as an attempt on the part of the financially motivated threat actors to conduct more...
Qilin Ransomware Gang Claims 4TB Data Breach at Nissan CBI
Qilin ransomware claims a 4TB data breach at Nissan CBI, leaking car design files, financial data, 3D models,…...
Europol Denies $50K Reward for Qilin Ransomware, Calls It a Scam
Europol has confirmed that a widely reported $50,000 reward for information on the Qilin ransomware group is a…...
Ransomware incidents in Japan during the first half of 2025
In the first half of 2025, the number of ransomware attacks in Japan increased by approximately 1.4 times compared to the previous year. Ransomware attackers continue to primarily target small and medium-sized enterprises in Japan. The most affected industry remains manufacturing, unchanged from...
Dark Web Roast - July 2025 Edition
Dark Web Roast - July 2025 Edition By Trellix Advanced Research Center · August 19, 2025 Executive Summary July 2025 delivered a masterclass in cybercriminal mediocrity that would make even the most charitable threat intelligence analyst weep into their coffee. After extensive hunts across the da...
Qilin Ransomware Attack on NHS Causes Patient Death in the UK
A patient's death is confirmed linked to the June 2024 ransomware attack by the Qilin ransomware gang on Synnovis, crippling London's NHS. Learn about the disruptions and Impact...
Qilin Ransomware Adds "Call Lawyer" Feature to Pressure Victims for Larger Ransoms
The threat actors behind the Qilin ransomware-as-a-service RaaS scheme are now offering legal counsel for affiliates to put more pressure on victims to pay up, as the cybercrime group intensifies its activity and tries to fill the void left by its rivals. The new feature takes the form of a "Call...
Lessons from Qilin: What the Industry’s Most Efficient Ransomware Teaches Us
Qilin has quietly become one of the most active and impactful ransomware operations in the world today. If it’s not already on your threat radar, now is the time to take notice. This blog unpacks how Qilin operates, why it’s gaining traction across cybercriminal networks, and what steps security...
Qilin Ransomware Ranked Highest in April 2025 with 72 Data Leak Disclosures
Threat actors with ties to the Qilin ransomware family have leveraged malware known as SmokeLoader along with a previously undocumented .NET compiled loader codenamed NETXLOADER as part of a campaign observed in November 2024. "NETXLOADER is a new .NET-based loader that plays a critical role in...
New Qilin.B Ransomware Variant Emerges with Improved Encryption and Evasion Tactics
Cybersecurity researchers have discovered an advanced version of the Qilin ransomware sporting increased sophistication and tactics to evade detection. The new variant is being tracked by cybersecurity firm Halcyon under the moniker Qilin.B. "Notably, Qilin.B now supports AES-256-CTR encryption f...
CODAC Behavioral Healthcare, US Marshalls are latest ransomware targets
The Qilin ransomware group listed CODAC Behavioral Healthcare, a nonprofit health care treatment organization, as one of their latest victims. Qilin seems to have a preference for healthcare and support organizations. One of their most well-known victims was the pathology lab services provider...
Qilin Ransomware Upgrades and Now Steals Google Chrome Credentials
Qilin ransomware is evolving, now targeting Google Chrome credentials. Learn how this new tactic expands their attack arsenal…...
New Qilin Ransomware Attack Uses VPN Credentials, Steals Chrome Data
The threat actors behind a recently observed Qilin ransomware attack have stolen credentials stored in Google Chrome browsers on a small set of compromised endpoints. The use of credential harvesting in connection with a ransomware infection marks an unusual twist, and one that could have cascadi...