Ransomware Group: QILIN

VICTIM NAME: IONODES

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

IONODES, a Canada-based technology company that designs and configures IP video storage, management, and display solutions, is identified as the victim on the leak page attributed to the threat group Qilin. The company’s product lines include IP video encoders and decoders, NVR servers, recording devices, and related workstations, with headquarters in Montreal and an additional office in Luxembourg. The page frames the incident as a data leak rather than an encryption event and is dated October 3, 2025. The attackers claim to have exfiltrated internal data, including a substantial collection of video files from customers’ cameras, and to have published code and detailed connection diagrams for those cameras, asserting that anyone could access every camera IONODES has installed.

The leak page notes the presence of ten image assets associated with the post, described only in general terms as images or thumbnails likely representing internal materials or related visuals. In addition to the images, the post references contact channels linked to the attackers—such as a Jabber handle and a Tox ID—with the sensitive identifiers redacted to remove personal information. An FTP address is also mentioned in the text, though credentials are not reproduced here. Taken together, the page presents a broad data-leak scenario involving customer video data and related code or diagrams, without revealing a ransom amount on the page.

Contextual notes indicate that IONODES is portrayed as a Canada-based tech vendor focused on IP video technologies, with Montreal as its base and a Luxembourg office. The post does not provide a distinct compromise date beyond the published post date; thus, October 3, 2025, is treated as the post date. The document attributes the incident to Qilin and emphasizes a privacy risk stemming from exposed customer video feeds and device configurations rather than an encrypted loss of data. No monetary ransom figure is disclosed in the leak page materials, though the data and diagrams are asserted to be publicly accessible according to the post.