Ransomware Group: QILIN

VICTIM NAME: Ahtna Incorporated

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

On August 12, 2025, the leak page attributed to the threat group qilin claims to have compromised Ahtna Incorporated, a US-based construction and integrated services firm headquartered in Glennallen, Alaska. The post frames the incident as a data leak and asserts that sensitive internal information has been exfiltrated and may be exposed publicly or offered for sale. Background on Ahtna Incorporated is provided as an Alaska Native Regional Corporation formed under the Alaska Native Claims Settlement Act, noting ownership by more than 2,300 shareholders, the majority of whom are of Ahtna Athabascan descent. The page describes the company’s project profile—renovating water infrastructure, repairing airports, and constructing administrative and government facilities—and implies that the leaked materials could contain personal data of employees and customers, along with possible evidence of corrupt contracting practices and payment fraud. No ransom amount is disclosed in the excerpt, and the date shown corresponds to the post date.

The leak page states that 13 image attachments accompany the post, described only in general terms as internal documents or screenshots. The content suggests that the leaked materials may include sensitive personal data and redacted contact information or credential-like strings, consistent with ransomware operators’ double-extortion tactics that threaten public data release. There is no explicit ransom figure or deadline provided in the post, and the post date remains August 12, 2025.