[QILIN] – Ransomware Victim: Graphite Construction Group

Ransomware Group: QILIN

VICTIM NAME: Graphite Construction Group

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.


AI Generated Summary of the Ransomware Leak Page

On August 17, 2025, a leak page attributed to the Qilin ransomware group lists Graphite Construction Group as a victim. The page frames the incident as a data-leak event rather than encryption, indicating that sensitive internal information has been exfiltrated and may be exposed publicly. A claim URL is referenced on the page, which is characteristic of ransomware leak posts that direct readers to additional material or proofs of exfiltration. A notable section titled "Graphite in Numbers" outlines the company’s scale: a 23-year history, $150 million in completed projects, 16 projects currently underway, $70 million completed and delivered in 2023, and a bid range spanning from $110,000 (lowest bid) to $31 million (highest bid). The post also notes that, in the past two years, Graphite Construction Group was successfully awarded and completed approximately 64% of all bids it submitted. The post date serves as the timestamp for this entry, with no explicit compromise date provided in the excerpt.

The leak page includes eight image attachments that appear to be thumbnails or scans of internal documents or related graphics. The exact contents of these images are not described in the text, but their presence is used to illustrate leaked material typical of ransomware disclosures. Additionally, the excerpt contains lines that resemble contact or credential information; personal identifiers such as emails are redacted in this summary, and any credential-like strings shown in the source data have been omitted to protect privacy. There is mention of a claim URL, and while no direct downloads are displayed on the page, the overall presentation aligns with a data-leak notification rather than an encrypted payload.

Overall, the publication centers on Graphite Construction Group, a US-based construction company described as Central Iowa’s fastest-growing contractor. The entry demonstrates a data-leak narrative rather than an encryption-focused incident, supported by the presence of multiple image attachments and a public claim URL. The post date remains August 17, 2025, and no explicit compromise date is given; PII has been redacted to protect individuals, and URLs have been defanged where referenced in the source data.

