Ransomware Group: QILIN

VICTIM NAME: Yooshin Engineering Corporation

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

Yooshin Engineering Corporation, a construction-sector engineering consulting firm based in South Korea, is presented as the victim on the leak page. The post is dated September 26, 2025 (the post date; no compromise date is provided in the data). The attackers frame the incident as a data-leak event rather than an encryption scenario and provide a downloadable file link via a defanged onion address: The page notes there are 22 images associated with the post, which appear to be screenshots or internal documents. There is no explicit ransom amount stated in the post, and no direct encryption status is indicated in the text provided.

A review of the page’s descriptive content shows Yooshin Engineering Corporation as a Seoul-based firm offering engineering consulting services in South Korea and internationally. The services listed include feasibility studies, basic and detailed design, construction project management, and post-completion maintenance, with work spanning transportation infrastructure (highways, local roads, railways, airports, ports, bridges, tunnels) and related facilities. The company is described as founded in 1966 and headquartered in Seoul. The leak page also references a downloadable onion link for alleged stolen files and mentions contact channels (with sensitive details redacted). The overall presentation aligns with a data-leak style post rather than a clearly stated encryption event, and no ransom figure is provided in the available text.