Ransomware Group: QILIN

VICTIM NAME: compagnons-du-devoir[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to an attack on the non-profit organization known as the Association ouvrière des Compagnons du Devoir et du Tour de France (AOCDTF), based in France. The attack was discovered on May 16, 2025, and involves the potential public release of all organizational data scheduled for download on May 25, 2025. This data breach targets the organization’s sensitive information, which could include internal documents and operational data. The organization operates within the education sector, emphasizing skills-based training and community development. The leak appears to be part of a broader campaign targeting various entities, with the attacker group identified as ‘qilin.’

Technical details reveal that the attacker utilized multiple infostealer malware variants, including Raccoon, RedLine, Lumma, and others, to compromise victim networks. These malicious tools have historically been used for data theft, credential harvesting, and network infiltration. The breach involved cybercriminals gathering information from approximately 303 users and 38 third-party domains, indicating a significant impact scope. The incident is accompanied by visual evidence, including a screenshot of the compromised data, which showcases internal documents or system screenshots without revealing sensitive PII, in accordance with responsible reporting standards. The leak not only threatens internal data confidentiality but also risks reputational damage, emphasizing the importance of cybersecurity vigilance in the education sector.