Widely attributedUnknownQilin
Russian-speaking ransomware group detected in 2022, originally using the Agenda ransomware. Known for attacks on NHS hospitals in London. Operates RaaS model with Go-based ransomware.
Attribution signal
?Score = mentions × confidence weight, summed across all attributed sources. Higher source diversity increases the score.≥ 10 High≥ 3 Moderate< 3 LowAttribution signals
12 mentions · 5 sources"it had confirmed the bug was being exploited by a known ransomware group called Qilin to hack into "a few dozen targeted organizations globally""
"~30% of all LATAM ransomware victims attributed to Qilin"
"Ransomware group Qilin has taken responsibility for a cyber-attack targeting German political party Die Linke"
"an affiliate of the Qilin ransomware group has exploited the flaw in "post-compromise activity.""
"ransomware operators, including prolific groups using REDBIKE (Akira) and AGENDA (Qilin), actively targeted backup infrastructure"
"we assess with medium confidence that the actor behind the exploitation of CVE-2026-50751 is financially motivated, uses Qilin ransomware"
"One case involved post-compromise activity linked to a Qilin ransomware affiliate with medium confidence."
"ransomware activity was led by Akira, Qilin, and Safepay"
"At least one incident has been linked to a Qilin ransomware affiliate, which Check Point assesses with medium confidence."
"at least one incident has been linked, with medium confidence, to a Qilin ransomware affiliate."
"various members of the Scattered Spider group utilizing an encryptor from the Qilin group when they had previously relied on the encryptor used by BlackCat/ALPHV"
Hedge terms observed