Ransomware Group: QILIN

VICTIM NAME: office-national

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The leak page pertains to Office National, a prominent Australian network of independent office supply stores based in a suburb of Sydney, NSW. The incident was discovered on May 30, 2025, and the attack date is recorded as May 30, 2025. The group responsible for the attack is identified as “qilin.” The page includes a screenshot showing possibly internal documents or data, indicating a breach that involved data exfiltration. The leak suggests the presence of sensitive information related to the business, although specific types of data are not detailed publicly. The incident signifies a significant security event affecting a well-known national retail chain in Australia.

The threat actor has provided a claim URL associated with the incident, which is hosted on a Tor network, suggesting official acknowledgment of the breach. The leak page was updated to specify the victim’s country and confirms the attack impacted the company’s operations. While no explicit mention of data types or compromised information is available, the leak’s existence and the provided visual evidence imply potential exposure of internal business data. The event underscores the importance of cybersecurity vigilance for retail and business service organizations operating in Australia, emphasizing the risks associated with ransomware attacks targeted at sensitive operational data. No personal or PII information related to individuals has been revealed, maintaining privacy standards in reporting.