Qilin ransomware-as-a-service affiliate campaign targeting five countries
Campaign
Summary
Hide ▲
Show ▼
Qilin ransomware-as-a-service affiliates sustained a multi-country campaign through 2H 2025, keeping leak-site pressure high and showing repeatable extortion activity. The operation used double extortion against organizations in the United States, Canada, the United Kingdom, France and Germany. The scale and continuity make this an active, high-volume ransomware operation rather than isolated intrusions.
Related Happenings
Operation Endgame takedown of Amadey and StealC infrastructure
Law Enforcement
H score66
First: 24.06.2026 18:02
Last: 24.06.2026 18:02
Sources 1
About this happening:
An **international law-enforcement takedown** under **Operation Endgame** disrupted shared infrastructure used by **Amadey** and **StealC**, with **Microsoft**, **Europol**, and i...
Operation Endgame takedown of Amadey and StealC infrastructure
Law EnforcementAbout this happening: An **international law-enforcement takedown** under **Operation Endgame** disrupted shared infrastructure used by **Amadey** and **StealC**, with **Microsoft**, **Europol**, and i...
DragonForce / Hackledorb pivots from RaaS to a formalized cartel structure
Threat Actor Meta
H score26
First: 18.06.2026 16:30
Last: 18.06.2026 16:30
Sources 1
About this happening:
**Hackledorb** has **pivoted DragonForce** from a conventional **ransomware-as-a-service (RaaS)** model into a **formalized cartel structure**, signaling a more organized and dura...
DragonForce / Hackledorb pivots from RaaS to a formalized cartel structure
Threat Actor MetaAbout this happening: **Hackledorb** has **pivoted DragonForce** from a conventional **ransomware-as-a-service (RaaS)** model into a **formalized cartel structure**, signaling a more organized and dura...
Major U.S. services company hit by ransomware attack linked to DragonForce
Incident
H score38
First: 16.06.2026 13:18
Last: 16.06.2026 13:18
Sources 1
About this happening:
A **DragonForce ransomware** incident hit a **major U.S. services firm** in **December 2025**, with attackers maintaining access for **one to two months** and hiding **command-and...
Major U.S. services company hit by ransomware attack linked to DragonForce
IncidentAbout this happening: A **DragonForce ransomware** incident hit a **major U.S. services firm** in **December 2025**, with attackers maintaining access for **one to two months** and hiding **command-and...
Adriatic Port Authority (Autorità di Sistema Portuale del hit by ransomware attack linked to Anubis
Incident
H score54
First: 15.06.2026 19:15
Last: 15.06.2026 19:15
Sources 1
About this happening:
The **Adriatic Port Authority** suffered a **ransomware breach** that disrupted the **Italian port of Ancona** and exposed sensitive port records. The intrusion was tied to **Anub...
Adriatic Port Authority (Autorità di Sistema Portuale del hit by ransomware attack linked to Anubis
IncidentAbout this happening: The **Adriatic Port Authority** suffered a **ransomware breach** that disrupted the **Italian port of Ancona** and exposed sensitive port records. The intrusion was tied to **Anub...
Silent Ransom Group shifts from Conti-linked ransomware participation to standalone data-theft extortion
Threat Actor Meta
H score21
First: 07.06.2026 17:09
Last: 07.06.2026 17:09
Sources 1
About this happening:
**Silent Ransom Group (UNC3753)** is a **standalone data-theft extortion** actor that has operated separately since **2022** after the **Conti** shutdown, using stolen data and le...
Silent Ransom Group shifts from Conti-linked ransomware participation to standalone data-theft extortion
Threat Actor MetaAbout this happening: **Silent Ransom Group (UNC3753)** is a **standalone data-theft extortion** actor that has operated separately since **2022** after the **Conti** shutdown, using stolen data and le...
Timeline
-
27.10.2025 18:45 1 articles · 8mo ago
Qilin ransomware-as-a-service affiliate campaign targeting five countries
Initial DisclosureQilin emerged in **mid-2022** and expanded into a **ransomware-as-a-service** ecosystem with affiliates. By **late 2025**, that ecosystem was sustaining regular leak-site publishing across multiple countries.
Show sources
- Qilin Ransomware Group Publishes Over 40 Cases Monthly — www.infosecurity-magazine.com — 27.10.2025 18:45