Ransomware Group: QILIN

VICTIM NAME: Spohn + Burkhardt GmbH & Co KG

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

On August 21, 2025, a leak page associated with the ransomware group qilin targets Spohn + Burkhardt GmbH & Co KG, a German manufacturing company that produces customized control transmitters, control systems, and resistors. The post presents the incident as a data-leak event rather than a traditional encryption of the victim’s systems and claims that a comprehensive data archive—containing drawings and schematics for all devices produced by the victim—has been published. It argues that making these designs publicly available could allow third parties to manufacture cheaper, potentially inferior analogs without engaging the company directly, thereby threatening the victim’s business. The post frames the publication of this archive as jeopardizing the company’s existence.

The leak page lists nineteen images as part of the evidence, described as screenshots or thumbnails that appear to depict internal documents or schematics related to the victim’s products. These assets are associated with a Tor onion service, and attacker contact details are referenced in the text (including a Jabber handle and an encrypted contact URI); in the sanitized data these contact fields are redacted to protect PII. There is no explicit ransom amount shown in the available content, and no stated compromise date is provided—the post date is recorded as August 21, 2025. The metadata identifies the actor as the qilin group, aligning with its profile of data-leak extortion activity.