Ransomware Group: QILIN

VICTIM NAME: Morgenstern AG

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

On the ransomware leak page attributed to the actor qilin, the victim is Morgenstern AG. The page describes Morgenstern AG as a provider of print and document solutions, including consulting services and digital workspace implementations. The post date in the metadata is 2025-08-15, and the excerpt references an earlier note from 2025-08-07 indicating the organization had repelled the intrusion at that time. The post does not clearly state whether the attackers encrypted systems or exfiltrated data, and there is no explicit ransom demand mentioned in the available text. A claim URL is indicated on the leak page, though the exact link is not shown here due to redaction.

Regarding visual content, the dataset shows no images or screenshots on the page (images_count = 0) and no downloadable files or additional links beyond the claim URL. The page appears to focus on publicizing the incident rather than sharing data samples. The victim is the sole entity named in the excerpt, with the country listed as CH; the descriptive text notes a German-context for the company, which may require validation. The presence of a claim URL suggests there may be further information in future postings, though the current excerpt provides no ransom figure or encryption claim.

From a threat intelligence perspective, this entry aligns with a typical initial leak disclosure by the ransomware group qilin. The absence of explicit encryption details or a stated ransom amount means the exact impact—whether encryption of systems or a data-leak scenario—cannot be confirmed from the provided data. Analysts should monitor for updates from the same leak page for additional materials or statements that might clarify the scope, data exposure, or extortion demands; in the meantime, only high-level business context and the existence of a claim URL are established.