= Qilin (cybercrime group) =

Qilin is a Russian-speaking cybercrime organisation that has been linked to a number of incidents, including a ransomware attack on hospitals in London.

The group was detected by Trend Micro in August 2022 promoting ransomware called Agenda, which affiliates could tailor. At the time the software was written in Go, and Trend Micro noted similarities between its source code and the Black Basta, Black Matter and REvil families of malware.

==History==

In December 2022 the Agenda ransomware was rewritten in Rust.

Group-IB said they had infiltrated the group in March 2023 and that affiliates earn about 80 to 85% of each ransom payment.

In 2023, Qilin attacks included the following:
- Thonburi Energy Storage Systems, a battery manufacturer in Thailand
- Construction consultancy WT Partnership Asia
- Chinese car parts manufacturer Yanfeng, in an attack that affected operations at US car maker Stellantis

In 2024, Qilin was named in the following attacks:
- Upper Merion Township in the United States was the victim of a ransomware attack in which the group claimed to have stolen 500 GB of data, including information on staff and private contracts.
- Felda Global Ventures Holdings Berhad in Malaysia was also attacked.
- UK-based charity the Big Issue had 550 GB of data stolen, including personnel information, contracts and partner data.
- US business Skender Construction had 651 GB of data stolen, affecting 1,067 people. The data included names, addresses, dates of birth, payment details, passports and potentially health information.
- Several London hospitals declared a critical incident when a ransomware attack affected their systems.

In 2025, Qilin was named in the following attacks:
- US business Inotiv had 178 GB of data stolen, impacting multiple systems and data.
- In October 2025, Qilin claimed responsibility for a ransomware attack on Asahi, a major Japanese brewery.
- On October 10, the Qilin group attacked infrastructure in the Hauts-de-France region in northern France, targeting the Académie d'Amiens. More than 1 TB of data was stolen. This is currently the largest attack carried out by the Qilin group. IT services, including high school computers and other school-related services, were impacted for several months and were still recovering as of 10 November 2025.
- In June 2025, the Qilin group claimed responsibility for a data breach at the healthcare organization Covenant Health that occurred in May of the same year. The attack reportedly impacted more than 478,000 individuals.
