Ransomware Group: QILIN

VICTIM NAME: faycom

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to a company named Faycom, based in Spain, which specializes in supplying replacement parts and accessories for various vehicles, including trucks, vans, and agricultural machinery. The attack was publicly disclosed on June 12, 2025, with the data discovery date recorded as June 13, 2025. Although the activity or industry of the company is not specified, the description indicates a focus on vehicle parts and safety components. The leak page includes a screenshot of internal documents or data, indicating the presence of compromised information available for download. The compromised data may involve technical details related to Faycom’s operations but does not specify PII or sensitive customer information.

The leak is associated with a hacking group named “Qilin,” and the breach appears to include leaked internal data accessible via a specific claim URL on the dark web. The incident emphasizes the importance of cybersecurity measures for companies in the vehicle parts sector, especially those operating in regions like Spain. The leak could potentially expose proprietary data or operational details but intentionally avoids sensitive personal or corporate identifiers in the publicly available summary. The page features a screenshot hinting at stolen internal content, which may include operational or technical files that could be exploited by malicious actors.