Ransomware Group: QILIN

VICTIM NAME: dugoni

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to Dugoni, a company specializing in Facilities Management and Commercial Cleaning services. The company operates in Italy, specifically in Mantova, Lombardy, and employs between 20 to 49 staff members with an annual revenue ranging from one to five million euros. The breach was discovered on June 9, 2025, and the attack date is recorded as June 8, 2025. The page indicates that sensitive internal information may have been compromised, and it includes a screenshot of internal documents, which suggests a possible leak of confidential data. It is important to note that no personally identifiable information or specific sensitive details are disclosed publicly. A claim link is provided for further verification, but it is accessible only via the dark web.

The leak appears to be associated with a hacking group named “Qilin,” which is known for targeting organizations for data extortion. The presentation includes a visual screenshot of the compromised data as evidence of the breach. The incident affects a mid-sized company within the business services industry in Italy, emphasizing the ongoing risk to organizations with valuable operational data. The presence of a dedicated claim URL on the dark web suggests that the threat actors are actively asserting control over the stolen information and are prepared to negotiate or demand ransom payments. There is no indication of additional leaked files or explicit data in the public domain beyond the graphical evidence. Overall, the event underscores the importance of cybersecurity measures for organizations handling sensitive operational information.