Qilin Ransomware Continues to Impact Manufacturing

Cyber Security News by CyberSum.net

Published on October 27, 2025 at 04:45 PM

5 sources

In the second half of 2025, the Qilin ransomware group has continued to publish victim information on its leak site at a pace of more than 40 cases per month, making it one of the most impactful ransomware groups worldwide. The manufacturing sector has been the most affected, followed by professional and scientific services, and wholesale trade. Although this could be a false flag, some of the scripts used by the attacker contained character encodings that point to Eastern Europe or a Russian-speaking region. Talos identified an open-source tool named Cyberduck, which enables file transfers to cloud servers, among the tools used for data exfiltration.

Also Read

RedTiger Infostealer Targets Discord Users and Gamers

Attackers are exploiting the open-source red-team tool RedTiger to create an infostealer that collects Discord account data, payment information, and browser credentials. The malware, which can also steal cryptocurrency wallet data and game accounts, uses a Python-based penetration testing suite. It captures webcam snapshots, screenshots, and intercepts API calls to steal sensitive data. The malware is distributed through various channels, including Discord channels and malicious software download sites. Users are advised to avoid downloading executables from unverified sources and to enable multi-factor authentication.

By Cyber Security News by CyberSum.netOctober 28, 2025 at 07:51 AM