Ransomware Group: QILIN

VICTIM NAME: elitavia[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak appears on a dark web site associated with a group known as “qilin.” The targeted entity is a prominent transportation and logistics company specializing in business aircraft services, including sales, leasing, charter, and management. The attack was publicly disclosed with the compromise date recorded as May 24, 2025. The leak indicates that sensitive information and potentially operational data may have been accessed or exfiltrated. The victim is based in Slovenia and operates one of Europe’s largest mixed fleet business aircraft services, highlighting the severity and scope of the breach. The leak page includes a screenshot that depicts internal documents and data related to the company’s operations.

Although specific details of the leaked data are not explicitly listed, the leak URL and associated claims suggest that data concerning the company’s internal structure, client information, or operational details could have been compromised. The presence of downloadable links hints at potential data exfiltration. The website hosting the leak includes a screenshot showing internal documentation, which underscores the seriousness of the breach. Furthermore, the attack’s public acknowledgment raises concerns over the security of sensitive business information in the aviation industry. No personally identifiable information was disclosed in the provided details, and the leak appears to be aimed at demonstrating the attackers’ access and demanding attention to the breach.