
Qilin (cybercrime group): Difference between revisions

From Wikipedia, the free encyclopedia
Content deleted Content added
Expand background with references.
No edit summary
Line 2: Line 2:
'''Qilin''' is a Russian-speaking [[cybercrime]] organisation that has been linked to a number of incidents, including a [[ransomware]] attack on hospitals in London.<ref name=guardian-who-are-qilin>{{Cite news |last=Hern |first=Alex |last2= |first2= |date=2024-06-05 |title=Who are Qilin, the cybercriminals thought behind the London hospitals hack? |url=https://www.theguardian.com/technology/article/2024/jun/05/who-are-qilin-the-cybercriminals-thought-behind-the-london-hospitals-hack |publisher=[[The Guardian]]|access-date=2024-06-05 |work=The Guardian |language=en-GB |issn=0261-3077}}</ref><ref name=computer-weekly-qilin-gang-behind-nhs>{{Cite web |title=Qilin ransomware gang likely behind crippling NHS attack {{!}} Computer Weekly |url=https://www.computerweekly.com/news/366587407/Qilin-ransomware-gang-likely-behind-crippling-NHS-attack |access-date=2024-06-05 |website=ComputerWeekly.com |language=en}}</ref>
'''Qilin''' is a Russian-speaking [[cybercrime]] organisation that has been linked to a number of incidents, including a [[ransomware]] attack on hospitals in London.<ref name=guardian-who-are-qilin>{{Cite news |last=Hern |first=Alex |last2= |first2= |date=2024-06-05 |title=Who are Qilin, the cybercriminals thought behind the London hospitals hack? |url=https://www.theguardian.com/technology/article/2024/jun/05/who-are-qilin-the-cybercriminals-thought-behind-the-london-hospitals-hack |publisher=[[The Guardian]]|access-date=2024-06-05 |work=The Guardian |language=en-GB |issn=0261-3077}}</ref><ref name=computer-weekly-qilin-gang-behind-nhs>{{Cite web |title=Qilin ransomware gang likely behind crippling NHS attack {{!}} Computer Weekly |url=https://www.computerweekly.com/news/366587407/Qilin-ransomware-gang-likely-behind-crippling-NHS-attack |access-date=2024-06-05 |website=ComputerWeekly.com |language=en}}</ref>


The group was detected by [[Trend Micro]] in August 2022 promoting ransomware called Agenda, which affiliates could tailor.<ref name=thn-new-golang-based-agenda-ransomware>{{Cite news |title=New Golang-based 'Agenda Ransomware' Can Be Customized For Each Victim |url=https://thehackernews.com/2022/08/new-golang-based-agenda-ransomware-can.html |last=Lakshmanan |first=Ravi |date=2022-08-29||access-date=2024-06-25|work=The Hacker News}}</ref> The software at the time was written in [[Go (programming language)|Go]] and Trend Micro noted similarity of the source code with Black Basta, Black Matter and [[REvil]] families of malware.<ref name=thn-new-golang-based-agenda-ransomware/>
The group was detected by [[Trend Micro]] in August 2022 promoting ransomware called Agenda, which affiliates could tailor.<ref name=thn-new-golang-based-agenda-ransomware>{{Cite news |title=New Golang-based 'Agenda Ransomware' Can Be Customized For Each Victim |url=https://thehackernews.com/2022/08/new-golang-based-agenda-ransomware-can.html |last=Lakshmanan |first=Ravi |date=2022-08-29 |access-date=2024-06-25 |work=The Hacker News}}</ref> The software at the time was written in [[Go (programming language)|Go]] and Trend Micro noted similarity of the source code with Black Basta, Black Matter and [[REvil]] families of malware.<ref name=thn-new-golang-based-agenda-ransomware/>


In December 2022 the Agenda ransomware was rewritten in [[Rust (programming language)|Rust]].<ref name=thn-inside-qilin-ransomware>{{Cite news |title=Inside Qilin Ransomware: Affiliates Take Home 85% of Ransom Payouts |url=https://thehackernews.com/2023/05/inside-qilin-ransomware-affiliates-take.html |last=Lakshmanan |first=Ravie |date=2023-05-16 |access-date=2024-06-25 |work=The Hacker News}}</ref>
In December 2022 the Agenda ransomware was rewritten in [[Rust (programming language)|Rust]].<ref name=thn-inside-qilin-ransomware>{{Cite news |title=Inside Qilin Ransomware: Affiliates Take Home 85% of Ransom Payouts |url=https://thehackernews.com/2023/05/inside-qilin-ransomware-affiliates-take.html |last=Lakshmanan |first=Ravie |date=2023-05-16 |access-date=2024-06-25 |work=The Hacker News}}</ref>
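Review bot: the lead's Guardian citation (first pair of lines) still carries the empty `|last2= |first2=` parameters and names the source twice, as `|publisher=[[The Guardian]]` and `|work=The Guardian`; dropping the empty parameters and one of the two source fields would finish the cleanup this edit starts on the Agenda citation, where `|date=2022-08-29||access-date=2024-06-25` becomes `|date=2022-08-29 |access-date=2024-06-25`. The other two line pairs show no visible difference in the rendered diff.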

Revision as of 19:06, 25 June 2024

Qilin is a Russian-speaking cybercrime organisation that has been linked to a number of incidents, including a ransomware attack on hospitals in London.[1][2]

The group was detected by Trend Micro in August 2022 promoting ransomware called Agenda, which affiliates could tailor.[3] The software at the time was written in Go, and Trend Micro noted similarities between its source code and the Black Basta, Black Matter and REvil malware families.[3]

In December 2022 the Agenda ransomware was rewritten in Rust.[4]

Group-IB said they had infiltrated the group in March 2023 and that affiliates earn about 80 to 85% of each ransom payment.[4]

In 2023, Qilin attacks included the following:

  • Thornburi Energy Storage Systems, a battery manufacturer in Thailand
  • WT Partnership Asia, a construction consultancy
  • Yanfen, a Chinese car parts manufacturer, which affected operations at US car maker Stellantis

In 2024, Qilin was named in the following attacks:

  • Upper Merion Township in the United States was the victim of a ransomware attack in which the group claimed to have stolen 500 GB of data, including information on staff and private contracts.[5]
  • Felda Global Ventures Holdings Berhad in Malaysia was also attacked.[5]
  • The UK-based charity the Big Issue had 550 GB of data stolen, including personnel information, contracts and partner data.[5]
  • US business Skender Construction had 651 GB of data stolen, affecting 1,067 people; the data included names, addresses, dates of birth, payment details, passports and potentially health information.[5]
  • Several London hospitals declared a critical incident when a ransomware attack affected their systems.[1][2]

References

  1. Hern, Alex (2024-06-05). "Who are Qilin, the cybercriminals thought behind the London hospitals hack?". The Guardian. ISSN 0261-3077. Retrieved 2024-06-05.
  2. "Qilin ransomware gang likely behind crippling NHS attack". ComputerWeekly.com. Retrieved 2024-06-05.
  3. Lakshmanan, Ravi (2022-08-29). "New Golang-based 'Agenda Ransomware' Can Be Customized For Each Victim". The Hacker News. Retrieved 2024-06-25.
  4. Lakshmanan, Ravie (2023-05-16). "Inside Qilin Ransomware: Affiliates Take Home 85% of Ransom Payouts". The Hacker News. Retrieved 2024-06-25.
  5. "Street newspaper appears to have Big Issue with Qilin ransomware gang". The Register. 2024-06-01. Retrieved 2024-06-05.