Ransomware Group: QILIN

VICTIM NAME: norsk[.]global

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to the recipient identified as “norsk.global,” a Norwegian-based company operating in the technology sector with a focus on international shipping. The attack was publicly disclosed on June 27, 2025, and the leak was discovered roughly their public statement time, indicating active engagement and recent compromise. The data leak includes details such as the company’s business activities, notably related to international shipments and high-value vehicle transactions. A screenshot illustrating internal information is available, but explicit sensitive or PII details are not revealed in the summary. The breach appears to involve the Qilin group, known for targeted attacks in the cybercriminal landscape.

The leak contains information potentially including internal documents or correspondence, but no specific PII or confidential data is disclosed publicly. Notably, the data suggests the presence of an infostealer identified as “Lumma,” which may have been used to extract information from the victim’s environment. On the technical front, multiple users are associated with the compromised data, but no evidence points to the exposure of employee or client PII. Download links or data extracts are indicated as available, though explicit URLs are not provided here. The incident highlights the ongoing threat faced by companies managing sensitive international shipping operations, emphasizing the importance of cybersecurity vigilance.