Ransomware Group: QILIN

VICTIM NAME: AIP Asset Management

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

On October 4, 2025, AIP Asset Management, a Canada-based financial services firm specializing in alternative investment strategies, was named as a victim in a ransomware leak post published on a dedicated leak page. The post frames the incident as a data-leak event rather than a pure encryption breach and claims that internal documents and investor data have been exposed or made publicly accessible, aligning with double-extortion tactics. The page describes the company’s global footprint, listing offices in Seoul, New York, Sydney, Singapore, and London. While the material does not provide a separate compromise date, the post date of October 4, 2025 should be treated as the publication date for the leak. The page includes a claim URL and features a gallery of eleven images that appear to be screenshots or scans of internal materials hosted on a Tor onion service.

The accompanying content suggests a data-leak scenario rather than a straightforward encryption event. It states that internal documents and investor personal data are publicly accessible as part of the leak, which is consistent with exfiltration-focused ransomware activity. The textual material notes the company’s international real estate portfolio, describing properties worldwide with a heavy European concentration (69%) and a small share in Korea (2%), which attackers present as part of the leaked data. No ransom amount or explicit demand is disclosed in the available excerpt. The body text also references contact tokens such as a Jabber handle and an FTP address, though the corresponding values are redacted in the public metadata. The image set comprises eleven items, described as screenshots of internal materials, reinforcing the page’s alignment with typical ransomware-leak portrayals.