Find notable cyber news and cases, enriched with sources, timelines, and signals.

Qilin ransomware-as-a-service affiliate campaign targeting five countries

Campaign
First reported
Last updated
Happening score
H score 50
1 unique sources, 1 articles

Summary

Hide ▲

Qilin ransomware-as-a-service affiliates sustained a multi-country campaign through 2H 2025, keeping leak-site pressure high and showing repeatable extortion activity. The operation used double extortion against organizations in the United States, Canada, the United Kingdom, France and Germany. The scale and continuity make this an active, high-volume ransomware operation rather than isolated intrusions.

Related Happenings

Operation Endgame takedown of Amadey and StealC infrastructure

Law Enforcement
H score66 First: 24.06.2026 18:02 Last: 24.06.2026 18:02 Sources 1

About this happening: An **international law-enforcement takedown** under **Operation Endgame** disrupted shared infrastructure used by **Amadey** and **StealC**, with **Microsoft**, **Europol**, and i...

DragonForce / Hackledorb pivots from RaaS to a formalized cartel structure

Threat Actor Meta
H score26 First: 18.06.2026 16:30 Last: 18.06.2026 16:30 Sources 1

About this happening: **Hackledorb** has **pivoted DragonForce** from a conventional **ransomware-as-a-service (RaaS)** model into a **formalized cartel structure**, signaling a more organized and dura...

Major U.S. services company hit by ransomware attack linked to DragonForce

Incident
H score38 First: 16.06.2026 13:18 Last: 16.06.2026 13:18 Sources 1

About this happening: A **DragonForce ransomware** incident hit a **major U.S. services firm** in **December 2025**, with attackers maintaining access for **one to two months** and hiding **command-and...

Adriatic Port Authority (Autorità di Sistema Portuale del hit by ransomware attack linked to Anubis

Incident
H score54 First: 15.06.2026 19:15 Last: 15.06.2026 19:15 Sources 1

About this happening: The **Adriatic Port Authority** suffered a **ransomware breach** that disrupted the **Italian port of Ancona** and exposed sensitive port records. The intrusion was tied to **Anub...

Silent Ransom Group shifts from Conti-linked ransomware participation to standalone data-theft extortion

Threat Actor Meta
H score21 First: 07.06.2026 17:09 Last: 07.06.2026 17:09 Sources 1

About this happening: **Silent Ransom Group (UNC3753)** is a **standalone data-theft extortion** actor that has operated separately since **2022** after the **Conti** shutdown, using stolen data and le...

Timeline

  1. 27.10.2025 18:45 1 articles · 8mo ago

    Qilin ransomware-as-a-service affiliate campaign targeting five countries

    Initial Disclosure

    Qilin emerged in **mid-2022** and expanded into a **ransomware-as-a-service** ecosystem with affiliates. By **late 2025**, that ecosystem was sustaining regular leak-site publishing across multiple countries.

    Show sources