Ransomware Group: QILIN

VICTIM NAME: seabridge[.]eu+efico[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The leak page centers on the victim identified as seabridge[.]eu+efico[.]com, described as a Belgium-based logistics service center and distribution platform for green coffee that sources beans from various countries and delivers to European markets. The post is attributed to the ransomware group Qilin and is dated August 19, 2025—the post date for this publication. The attackers claim they gained access and exfiltrated internal data, and they imply the stolen materials may be released publicly or offered for download, aligning with double-extortion patterns. The page also conveys the victim’s asserted emphasis on cybersecurity, including a claim that the security system is “impossible to hack.”

The leak page notes that 17 image attachments are included, described as screenshots of internal documents. The posted materials purportedly include a complete list of employees and their personal data, along with an internal document detailing restrictions and allowances for staff. Items described in the documents include prohibitions on joining Internet discussions, viewing pornography, or downloading audio-visual files, as well as a stated corporate right to read emails, monitor devices, and copy data in the name of security. The page also references a contact-style handle and an FTP credential line, though actual addresses and sensitive values have been redacted. As part of the presentation, onion-hosted resources are referenced, with URLs defanged in the public summary.

From a threat-actor perspective, the page attributes the intrusion to Qilin and frames the release of internal materials as a potential pressure point or bargaining chip. There is no explicit ransom amount shown in the excerpt, and there is no clearly stated compromise date beyond the post date of 2025-08-19. The material’s emphasis on employee personal data and internal policy documents signals substantial risk to individuals and to the organization’s operations and supply chain, should this data be exposed publicly or misused. The post also mentions a named cybersecurity figure, Youri Segers, and includes redacted contact avenues and an FTP-like credential line, illustrating typical leakage content designed to maximize public impact while obscuring direct details.