Ransomware Group: QILIN

VICTIM NAME: cityofbelvedere[.]org

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak pertains to the city of Belvedere, a small and historic city in California, United States. The attack was discovered on June 5, 2025, and involves data associated with the city’s official domain. According to the leak notification, all compromised data is scheduled to be available for download starting June 18, 2025. The breach impacts the public sector, and the attackers have identified themselves as part of the ‘qilin’ group. The leak page includes a screenshot that appears to show internal documents or data structures related to the city’s information systems.

No specific personally identifiable information or sensitive details are publicly revealed at this stage, but the leak indicates that a significant amount of city data may be exposed soon. The attack could impact local government operations and public services. The threat actors have provided a link to a claimed proof or claim URL hosted on an onion site, emphasizing the scheduled public data release. The breach underscores ongoing cybersecurity threats facing municipal government entities and the importance of timely response and mitigation strategies.