Qilin ransomware leak-site surge and double-extortion activity in H2 2025
Malware Activity
Summary
Hide ▲
Show ▼
The Qilin ransomware operation sustained a leak-site surge in second half of 2025, publishing more than 40 victim listings per month and keeping pressure on victims. It used a double-extortion model, encrypting data and threatening to leak stolen information to coerce payment. Activity concentrated on manufacturing, with additional targeting of professional and scientific services and wholesale trade across the United States, Canada, the United Kingdom, France and Germany. The pace and breadth of postings indicate a mature ransomware operation with continuing global reach.
Related Happenings
Adriatic Port Authority (Autorità di Sistema Portuale del hit by ransomware attack linked to Anubis
Incident
H score54
First: 15.06.2026 19:15
Last: 15.06.2026 19:15
Sources 1
About this happening:
The **Adriatic Port Authority** suffered a **ransomware breach** that disrupted the **Italian port of Ancona** and exposed sensitive port records. The intrusion was tied to **Anub...
Adriatic Port Authority (Autorità di Sistema Portuale del hit by ransomware attack linked to Anubis
IncidentAbout this happening: The **Adriatic Port Authority** suffered a **ransomware breach** that disrupted the **Italian port of Ancona** and exposed sensitive port records. The intrusion was tied to **Anub...
Silent Ransom Group shifts from Conti-linked ransomware participation to standalone data-theft extortion
Threat Actor Meta
H score21
First: 07.06.2026 17:09
Last: 07.06.2026 17:09
Sources 1
About this happening:
**Silent Ransom Group (UNC3753)** is a **standalone data-theft extortion** actor that has operated separately since **2022** after the **Conti** shutdown, using stolen data and le...
Silent Ransom Group shifts from Conti-linked ransomware participation to standalone data-theft extortion
Threat Actor MetaAbout this happening: **Silent Ransom Group (UNC3753)** is a **standalone data-theft extortion** actor that has operated separately since **2022** after the **Conti** shutdown, using stolen data and le...
Silent Ransom Group US law firm IT impersonation campaign
Campaign
H score36
First: 29.05.2026 16:00
Last: 29.05.2026 16:00
Sources 1
About this happening:
**Silent Ransom Group (SRG)**, also tracked as **UNC3753**, **Chatty Spider**, and **Luna Moth**, is running a **financially motivated data theft extortion campaign** against **do...
Silent Ransom Group US law firm IT impersonation campaign
CampaignAbout this happening: **Silent Ransom Group (SRG)**, also tracked as **UNC3753**, **Chatty Spider**, and **Luna Moth**, is running a **financially motivated data theft extortion campaign** against **do...
Charter Communications hit by network compromise linked to ShinyHunters
Incident
H score70
First: 26.05.2026 22:46
Last: 26.05.2026 22:46
Sources 1
About this happening:
**Charter Communications** confirmed a **data breach** tied to **ShinyHunters** extortion, with the company saying it is **alerting authorities** and that **no sensitive personal...
Charter Communications hit by network compromise linked to ShinyHunters
IncidentAbout this happening: **Charter Communications** confirmed a **data breach** tied to **ShinyHunters** extortion, with the company saying it is **alerting authorities** and that **no sensitive personal...
Latest development: 29.05.2026 11:29
Have I Been Pwned analyzed leaked Charter Communications data and confirmed that the incident affected 4.9 million accounts, with exposed records including names, email addresses, job titles, phone numbers, and physical addresses. The published data also included a subset of about 85,000 records from an internal employee directory.
7-Eleven hit by network compromise
Incident
H score53
First: 19.05.2026 17:16
Last: 19.05.2026 17:16
Sources 1
About this happening:
**7-Eleven** is a **victim-focused breach incident** in which an **unauthorized third party** accessed systems used to store **franchisee documents** on **April 8, 2026**, trigger...
7-Eleven hit by network compromise
IncidentAbout this happening: **7-Eleven** is a **victim-focused breach incident** in which an **unauthorized third party** accessed systems used to store **franchisee documents** on **April 8, 2026**, trigger...
Timeline
-
27.10.2025 18:45 1 articles · 7mo ago
Qilin ransomware leak-site surge and double-extortion activity in H2 2025
Initial DisclosureQilin accelerated leak-site publishing in **2H 2025**, crossing **40 victim listings per month** and peaking at **100 postings** in **June and August**. The surge marked a sustained rise in ransomware pressure rather than a one-off burst.
Show sources
- Qilin Ransomware Group Publishes Over 40 Cases Monthly — www.infosecurity-magazine.com — 27.10.2025 18:45