Qilin ransomware-as-a-service affiliate campaign targeting five countries
Campaign
Summary
Hide ▲
Show ▼
Qilin ransomware-as-a-service affiliates sustained a multi-country campaign through 2H 2025, keeping leak-site pressure high and showing repeatable extortion activity. The operation used double extortion against organizations in the United States, Canada, the United Kingdom, France and Germany. The scale and continuity make this an active, high-volume ransomware operation rather than isolated intrusions.
Related Happenings
Silent Ransom Group shifts from Conti-linked ransomware participation to standalone data-theft extortion
Threat Actor Meta
H score21
First: 07.06.2026 17:09
Last: 07.06.2026 17:09
Sources 1
About this happening:
**Silent Ransom Group (UNC3753)** is a **standalone data-theft extortion** actor that has operated separately since **2022** after the **Conti** shutdown, using stolen data and le...
Silent Ransom Group shifts from Conti-linked ransomware participation to standalone data-theft extortion
Threat Actor MetaAbout this happening: **Silent Ransom Group (UNC3753)** is a **standalone data-theft extortion** actor that has operated separately since **2022** after the **Conti** shutdown, using stolen data and le...
Silent Ransom Group US law firm IT impersonation campaign
Campaign
H score36
First: 29.05.2026 16:00
Last: 29.05.2026 16:00
Sources 1
About this happening:
**Silent Ransom Group (SRG)**, also tracked as **UNC3753**, **Chatty Spider**, and **Luna Moth**, is running a **financially motivated data theft extortion campaign** against **do...
Silent Ransom Group US law firm IT impersonation campaign
CampaignAbout this happening: **Silent Ransom Group (SRG)**, also tracked as **UNC3753**, **Chatty Spider**, and **Luna Moth**, is running a **financially motivated data theft extortion campaign** against **do...
Charter Communications hit by network compromise linked to ShinyHunters
Incident
H score25
First: 26.05.2026 22:46
Last: 26.05.2026 22:46
Sources 1
About this happening:
**Charter Communications** confirmed a **data breach** tied to **ShinyHunters** extortion, with the company saying it is **alerting authorities** and that **no sensitive personal...
Charter Communications hit by network compromise linked to ShinyHunters
IncidentAbout this happening: **Charter Communications** confirmed a **data breach** tied to **ShinyHunters** extortion, with the company saying it is **alerting authorities** and that **no sensitive personal...
Latest development: 29.05.2026 11:29
Have I Been Pwned analyzed leaked Charter Communications data and confirmed that the incident affected 4.9 million accounts, with exposed records including names, email addresses, job titles, phone numbers, and physical addresses. The published data also included a subset of about 85,000 records from an internal employee directory.
Gentlemen ransomware affiliate campaign expanding toolkit and infrastructure
Campaign
H score42
First: 20.04.2026 23:02
Last: 20.04.2026 23:02
Sources 1
About this happening:
The **Gentlemen ransomware** campaign has now been tied to a **ransomware attack on Oltenia Energy Complex** on the **second day of Christmas**, disrupting **ERP systems**, **docu...
Gentlemen ransomware affiliate campaign expanding toolkit and infrastructure
CampaignAbout this happening: The **Gentlemen ransomware** campaign has now been tied to a **ransomware attack on Oltenia Energy Complex** on the **second day of Christmas**, disrupting **ERP systems**, **docu...
Akira group rapid double-extortion ransomware activity
Malware Activity
H score44
First: 02.04.2026 16:00
Last: 02.04.2026 16:00
Sources 1
About this happening:
**Akira** ransomware activity now includes **AdaptixC2** abuse in active intrusions, alongside the group’s **under-one-hour** to **under-four-hours** attack cadence. A **Silent Pu...
Akira group rapid double-extortion ransomware activity
Malware ActivityAbout this happening: **Akira** ransomware activity now includes **AdaptixC2** abuse in active intrusions, alongside the group’s **under-one-hour** to **under-four-hours** attack cadence. A **Silent Pu...
Timeline
-
27.10.2025 18:45 1 articles · 7mo ago
Qilin ransomware-as-a-service affiliate campaign targeting five countries
Initial DisclosureQilin emerged in **mid-2022** and expanded into a **ransomware-as-a-service** ecosystem with affiliates. By **late 2025**, that ecosystem was sustaining regular leak-site publishing across multiple countries.
Show sources
- Qilin Ransomware Group Publishes Over 40 Cases Monthly — www.infosecurity-magazine.com — 27.10.2025 18:45