Ransomware Group: QILIN

VICTIM NAME: www[.]nuphoton[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to Nuphoton Technologies, Inc., a well-established company specializing in fiber lasers and amplifiers used across various industrial, defense, aerospace, biomedical, telecommunications, and research sectors. The breach was discovered on June 30, 2025, and the attack is believed to have occurred on the same date. The leak was publicly announced by a hacking group named “qilin,” which is known for targeting technology companies. The page features a screenshot displaying internal information, indicating that sensitive data may have been compromised. There are references to data being leaked or made accessible through the provided onion link, suggesting that the attackers may have published or intend to publish stolen files.

Nuphoton Technologies has a long operational history since 1996, and its activities involve advanced fiber optic technology applications. Despite the company’s prominence in its industry, the ransomware group claims to have exfiltrated data and possibly implemented malicious access. While specific details such as the type of compromised information are not disclosed, the presence of a dedicated leak page indicates significant security implications. The attack appears to target the company’s digital infrastructure, with potential exposure of proprietary information and internal documents. The leak page includes a screenshot of internal content, which suggests that the attacker gained access to sensitive files. No further technical details about the type of data stolen are provided, but the leak’s existence highlights pressing cybersecurity concerns for the company and its stakeholders.