Ransomware Group: QILIN

VICTIM NAME: NSS 長崎船舶装備株式会社

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to NSS 長崎船舶装備株式会社, a manufacturing company based in Japan with a long-standing history since 1943, primarily operating within the shipbuilding industry. The company provides interior construction services for ships, supporting Japan’s maritime sector with an extensive track record of excellence. The data breach was discovered on May 6, 2025, and the attack date is also recorded as May 6, 2025. The leak includes various files, potentially containing proprietary or operational information, and the page features a screenshot of internal documents or data management systems. Download links or data leaks are indicated, suggesting compromised information is available for extraction. The publicly accessible claim URL directs to a dark web site where the leaked data can be viewed. The incident has garnered attention due to the company’s significance in Japan’s shipbuilding industry and the potential impact of data exposure.

The victim’s profile emphasizes the company’s extensive experience in interior construction for ships, highlighting its role in supporting Japan’s maritime infrastructure. The attack was perpetrated by a known threat group associated with ransomware activities, identified as “qilin”. The website’s visual content includes screenshots that appear to display internal technical or operational details, although specific information has been neutralized for privacy and security reasons. No personally identifiable information (PII) or sensitive client data is publicly visible in this summary. The incident underscores the increasing risks faced by manufacturing firms involved in critical infrastructure sectors, especially when operating within specialized industries such as shipbuilding. The leak page serves as a warning for organizations to strengthen cybersecurity defenses against similar attacks.