Ransomware Group: QILIN

VICTIM NAME: www[.]meduane-habitat[.]fr

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

On September 23, 2025, the leak page identifies the victim as www[.]meduane-habitat[.]fr, the domain of Méduane Habitat, a French construction organization focused on building and renting social housing. The organization manages about 6,300 housing units, primarily in Laval, with expansion since 1996 to other municipalities in the Laval agglomeration and the Mayenne department. The post frames the incident as a data-exfiltration event rather than a straightforward encryption attack, claiming that attackers have exfiltrated information and intend to publish it publicly. It asserts that personal data of employees and all customers will be made public, along with financial information such as budgets, contracts, and profit reports. The leak page suggests that the stolen data may be released publicly and that numerous tenant complaints, previously not resolved, will also be accessible. The post does not disclose a ransom amount.

The leak page includes three image attachments described only in general terms as screenshots of internal material. The exact contents are not disclosed, but their presence is presented as evidence of the claimed data exfiltration. The page also lists contact channels with redacted identifiers (an email field is shown as redacted) and an FTP credential that is likewise redacted, implying additional data-sharing channels without exposing sensitive details. There are no downloadable files or external links shown on the page, and the post date is 23 September 2025, which is treated as the post date since no separate compromise date is provided.