Ransomware Group: QILIN

VICTIM NAME: www[.]afmco[.]jo

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page involves a victim identified with the domain www.afmco.jo, located in Jordan. The attack was discovered on July 31, 2025, with an attack date officially recorded as July 30, 2025. The incident appears to affect the administrative functions of the organization, which is associated with economic activities within the region. The leak and compromise are part of a targeted campaign by the threat group known as “Qilin.” The page features a screenshot depicting internal documents or data, indicating a significant breach involving sensitive organizational information. While specific stolen data are not detailed publicly, the presence of download links or leaked files is implied, emphasizing the severity of the breach.

The leaked content is linked through a unique claim URL on a dark web site, which likely contains evidence of the compromise. The victim’s description highlights their role within the economic zone, suggesting potential impacts on governance and operational confidentiality. The compromised server appears to hold critical administrative or organizational data, which has been targeted by cybercriminals intending to leak or sell stolen information. The image associated with the leak shows screenshots of internal information, possibly including sensitive documents or communications, which could pose further risks if accessed without authorization. Overall, this incident underscores the ongoing threat posed by ransomware groups targeting regional economic authorities.