Find notable cyber news and cases, enriched with sources, timelines, and signals.

Qilin ransomware activity surge with affiliate-led RaaS operations

Malware Activity
First reported
Last updated
Happening score
H score 33
1 unique sources, 1 articles

Summary

Hide ▲

The Qilin ransomware operation is seeing a rise in attacks, increasing the risk of data theft and file encryption across corporate networks. The group relies on an affiliate-driven RaaS model and commonly breaks in through unpatched VPN appliances, lack of MFA, and exposed management interfaces. In 2025, 88% of observed cases combined theft and encryption, and stolen data was often posted to leak sites when ransom demands were refused. The activity is hitting small-to-medium businesses in construction, healthcare, and financial sectors, with Scattered Spider affiliates also using the platform.

Related Happenings

Qilin consolidates into dominant RaaS position as ransomware market reconcentrates

Threat Actor Meta
H score39 First: 03.07.2026 16:00 Last: 03.07.2026 16:00 Sources 1

About this happening: **Qilin** is consolidating into a dominant **RaaS** position as the ransomware ecosystem shifts back from fragmentation to concentration, increasing affiliate scale and victim vol...

Outsider Enterprise-Outsider-Chinese cybercrime alliance reshapes ransomware ecosystem operations

Threat Actor Meta
H score69 First: 12.06.2026 21:59 Last: 12.06.2026 21:59 Sources 1

About this happening: The **Outsider Enterprise** is a **Chinese phishing-as-a-service** operation that used **Telegram**, **AI**, and distributed phishing kits to run large-scale brand-impersonation c...

The Gentlemen ransomware group’s 90/10 RaaS model and rapid victim growth

Threat Actor Meta
H score26 First: 10.06.2026 17:03 Last: 10.06.2026 17:03 Sources 1

About this happening: **The Gentlemen** ransomware group has become a high-volume **RaaS** operation, using a **90/10 affiliate split** to attract operators and expand its reach. The group now ranks as...

Silent Ransom Group US law firm IT impersonation campaign

Campaign
H score36 First: 29.05.2026 16:00 Last: 29.05.2026 16:00 Sources 1

About this happening: **Silent Ransom Group (SRG)**, also tracked as **UNC3753**, **Chatty Spider**, and **Luna Moth**, is running a **financially motivated data theft extortion campaign** against **do...

Akira group rapid double-extortion ransomware activity

Malware Activity
H score45 First: 02.04.2026 16:00 Last: 02.04.2026 16:00 Sources 1

About this happening: **Akira** ransomware activity now includes **AdaptixC2** abuse in active intrusions, alongside the group’s **under-one-hour** to **under-four-hours** attack cadence. A **Silent Pu...

Timeline

  1. 11.11.2025 18:00 2 articles · 8mo ago

    Qilin ransomware activity surge and affiliate collaboration observed

    Initial Disclosure

    S-RM observed a rise in activity tied to the Qilin ransomware group, a ransomware-as-a-service operation active since 2023, and noted that affiliates of the Scattered Spider group are deploying Qilin’s RaaS platform. Qilin continues to gain initial access through unpatched VPN appliances, lack of MFA, exposed management interfaces, and single-factor remote access tools, while 88% of observed 2025 cases combined data theft with file encryption and sometimes published stolen data on dark-web leak sites if ransom was refused. Most victims are small-to-medium-sized businesses in construction, healthcare, and financial sectors, and Qilin has also experimented with Telegram and public extortion sites such as WikiLeaksV2.

    Show sources