[QILIN] – Ransomware Victim: Trustar Capital Management Co

Ransomware Group: QILIN

VICTIM NAME: Trustar Capital Management Co

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.


AI Generated Summary of the Ransomware Leak Page

The victim named Trustar Capital Management Co is presented on the leak page as a financial services firm operating as a specialized asset manager in private equity. The post is issued under the threat actor label qilin and the leak is categorized as Korean Leak3. The page states that a data-leak event occurred and that all of the company’s information has been made publicly accessible. The post date is September 25, 2025; no separate compromise date is provided, so the publication date is being used as the incident reference. The description notes that the company reportedly manages an asset portfolio of 2.4 billion won (about $1.7 million) and was registered with the Financial Services Commission on July 29, 2022. According to the page, budgets, contracts, profits, near‑term development plans, and investor data, including data from investors who wished to remain anonymous, are now publicly available. The page includes a claim URL and references contact channels, though identifying details such as emails and credentials are redacted in this copy.

The leak page documents 30 image attachments described as screenshots of internal documents, provided as evidence of the data exfiltration. The exact contents of these images are not described in the summary. The post provides no explicit ransom amount in the visible text, and the related field is blank, indicating that no direct monetary demand is disclosed here. The narrative on the page emphasizes a broader objective to publish data on companies within the Korean financial market, signaling a data‑leak scenario rather than a standard encryption event. Additionally, the metadata notes that a claim URL is present and indicates redacted contact details, including an email address and FTP credentials, which are not shown in full.

The leak page’s annotations reference image assets hosted on onion addresses, with 30 image thumbnails purportedly representing internal documents. While the exact image contents are not described, their presence is intended to substantiate the claim of data exposure. The victim name remains the focal point of this summary, while other company names mentioned in the text are not elaborated here. All non‑essential PII (emails, phone numbers, addresses) has been redacted, and URLs are defanged or described in general terms to avoid direct linking. The overall assertion is that Trustar Capital Management Co faced a data‑leak event with public disclosure of sensitive corporate and investor data, as claimed by the threat actor group behind Korean Leak3.

