Ransomware Group: QILIN

VICTIM NAME: Cenomi Retail

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to Cenomi Retail, a company specializing in sports merchandise and equipment with a broad international presence, including regions in North America, the Middle East, Africa, and Asia. The attack was discovered on July 3, 2025, and the data breach was publicly disclosed on the same day. The leaked information was made available on an accessible dark web claim URL, which is linked to a group identified as “qilin.” The website provides a visual screenshot showing some form of internal data or documents, indicating the breach involved sensitive or proprietary information. The leak could potentially affect the company’s operations or reputation, though specific details about the data compromised are not disclosed.

The incident appears to be part of a malicious campaign targeting prominent retail companies, with data claimed to be leaked on the dark web. The attack timing, associated group, and available images suggest the hackers may have stolen proprietary information or internal communications. As the activity is identified in Japan, the breach underscores the growing threat landscape affecting multinational corporations. The leak page does not specify the exact nature of the compromised data or whether download links are available, but the presence of a dedicated claim URL indicates ongoing threat activity. Organizations should review their security measures to prevent similar incidents and mitigate potential damages from such breaches.