Ransomware Group: QILIN

VICTIM NAME: idscorporation[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

On August 20, 2025, the leak page associated with the ransomware group Qilin identifies idscorporation[.]com as a victim. The target is described as a Japan-based technology company that provides systems engineering, consulting, design, and manufacturing services for unmanned systems ranging from airborne to ground-based platforms. The post fits the typical ransomware-leak format, presenting a public claim of intrusion and the inclusion of a technical appendix. The page notes that a dedicated claim URL is present, which is commonly used to verify the attackers’ claims or to direct readers to additional data. The explicit post date is August 20, 2025; there is no separately disclosed compromise date in the provided data, so the post date is treated as the reference point for timing. In line with the instruction to focus on the victim name, this summary centers on idscorporation[.]com and does not emphasize other entities mentioned in the leak text.

The page includes eight image attachments, described in general terms as internal documents or related graphics accompanying the post. These visuals are not described in detail within the dataset, but their presence indicates that the attackers furnished illustrative material to accompany their claims. The leak also references contact channels and identifiers that have been sanitized for privacy—such as a redacted Jabber address and a hashed TOX fingerprint—along with an FTP-like data-share reference that is likewise redacted. There is no explicit ransom figure or encryption status stated in the sanitized excerpt; the narrative appears to emphasize the existence of a technical appendix and the public claim rather than providing a disclosed amount or encryption outcome. The overall presentation is consistent with a data-leak style common to ransomware operations, with idscorporation[.]com as the primary victim focus.