Ransomware Group: QILIN

VICTIM NAME: apollomd[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page concerns ApolloMD, a healthcare organization based in the United States. The attack was discovered on June 12, 2025, and the breach date is recorded as June 6, 2025. The incident involves the potential public release of sensitive data, which is scheduled for availability on June 16, 2025. The organization is a national medical group collaborating with over 100 healthcare facilities across the country, providing coordinated care services. The leak page indicates that a substantial amount of data could be compromised, and the threat actors have provided a link to a claim URL where further details and evidence of the breach can be viewed. The information emphasizes that the leaked data may include internal records, though specific contents remain unspecified at this point.

The page features a screenshot illustrating how the leaked data might appear, which includes visual representations of internal documents or systems used by the organization. No PII or employee-specific information is shown publicly; however, technical details suggest the involvement of infostealers such as Lumma and third-party entities with access to some user data. The threat actors have cited that all vulnerable data will be downloadable on a specified date, indicating a possible large-scale data exposure. The incident’s description underlines the potential impact on healthcare operations and emphasizes the importance of cybersecurity for safeguarding patient and organizational information. The leak page serves as a warning about the breach, with a focus on the threat of data dissemination that could compromise organizational integrity and patient privacy.