[QILIN] – Ransomware Victim: SICE

AI Generated Summary of the Ransomware Leak Page

On October 14, 2025, a leak post published by the ransomware group qilin claims to have targeted SICE, a Spain-based multinational technology integrator for public infrastructure management. The post portrays SICE as a long-standing leader in technology integration, noting over a century of history and a broad footprint across ITS, tunnels, transportation, mobility and smart urban services, tolling, water management, security, and civil engineering. The message frames the incident as a data-leak event resulting from a successful intrusion, with the attackers asserting that internal data has been exfiltrated from SICE’s network. It states that the total amount of downloaded data is unknown at present and promises additional details later. The post includes a redacted Jabber contact and an encoded reference in the text, and it cites a claim URL without displaying the full address. Attribution is given to the group qilin, aligning the post with a data-exfiltration narrative rather than a simple encryption-only incident.

The leak page includes three images that appear to be internal documents or visuals, offered as part of the material exposed by the attackers. The exact contents of these images are not described in the excerpt. No ransom figure is disclosed on the page, and the post does not provide explicit encryption status beyond describing the event as a data leak; the amount of data exfiltrated remains unspecified, with a note that further details will be added. The post is dated 2025-10-14, and in the absence of a stated compromise date, this is presented as the post date. While the victim’s name is preserved, other company names in the text are not the focus of this CTI summary. The presence of three embedded images provides a tangible indicator of data exposure consistent with ransomware leak conventions.