Ransomware Group: QILIN

VICTIM NAME: radicon

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to a manufacturing company based in India, known for producing industrial gear components and custom-engineered gearboxes. The incident was discovered on May 31, 2025, with the attack date recorded as May 30, 2025. The leak includes a screenshot of the compromised website, which suggests that sensitive internal information may have been accessed or exposed. The group responsible for the attack is identified as “qilin,” and the publicly available claim URL indicates an official posting on the dark web, outlining the details of the breach. The leak might involve data related to the company’s product range, manufacturing processes, or internal communications, though specific files or data specifics are not detailed publicly.

The victim operates in the manufacturing sector, specializing in gear systems, geared motors, and custom machinery. The attack’s disclosure aligns with typical ransomware activity, aiming to threaten data exposure or extortion. Images hint at possible internal documentation or website screenshots, but no explicit files or compromised data have been publicly detailed. This incident underscores the potential risk for industrial manufacturing firms to be targeted by cybercriminal groups seeking confidential corporate information. The leak’s public view on the dark web further indicates an intent to pressure the victim into complying with ransom demands, although the specifics of the data compromised remain undisclosed.