Trout Software

qilin

110 total attacks · Rank #1 · 14.4% share · 8 sectors targeted · 10 countries

TOTAL ATTACKS

110

REPORTS APPEARED IN

1

GLOBAL RANK

#1

ATTACK SHARE

14.4%

GROUP PROFILE

Qilin operates as a highly sophisticated ransomware-as-a-service (RaaS) platform that has achieved explosive growth with 110 attacks this period, establishing itself as one of the most dominant ransomware operations we've tracked. The group employs double extortion tactics. Its primary initial access vector is T1190 (Exploit Public-Facing Application), used against public-facing applications such as VPN gateways and unpatched web servers, followed by T1003 (OS Credential Dumping) and T1021.001 (Remote Desktop Protocol) lateral movement to maximize network compromise. Its targeting focuses on the technology and manufacturing sectors across the US and Europe, and recent high-profile incidents, including the one at Romania's National Oil Pipeline Operator, demonstrate its capability to breach critical infrastructure. The group's rapid ascent from relatively unknown to top-tier threat reflects an operationally mature approach to affiliate recruitment and an ability to consistently deliver high-value compromises that justify premium ransom demands.

COMMUNITY INTELLIGENCE — REDDIT

3 upvotes

Qilin Ransomware Breach Confirmed at Romania’s National Oil Pipeline Operator

Romania’s national oil pipeline operator Conpet has confirmed that it suffered a data breach following a ransomware attack attributed to the Qilin group. While the company stressed that operational sy...

r/secithubcommunity · 1 comment · 23d ago

177 upvotes

Romania’s national oil pipeline operator, Conpet S.A., confirms that the Qilin ransomware gang stole company data in an attack last week.

r/technews · 5 comments · 23d ago

43 upvotes

Qilin Ransomware Claims Data Theft from Church of Scientology

The Qilin ransomware group has listed the Church of Scientology on its dark web leak site, claiming responsibility for a breach and publishing 22 screenshots as proof of access. The group has not disc...

r/scientology · 37 comments · 3mo ago

6 upvotes

Qilin Ransomware: Real Cases, IoCs, and Why Defenders Treat It as a Top-Tier Threat

Qilin ransomware has gained serious traction in the last couple of years, and it’s becoming one of the more concerning RaaS families for SOC teams. Unlike spray-and-pray variants, Qilin’s affiliates p...

r/Malware · 1 comment · 3mo ago

142 upvotes

Japan's Asahi hack that halted beer production claimed by Qilin ransomware group

>Qilin, which operates a ransomware-as-a-service platform that allows users to carry out attacks in exchange for a percentage of extortion proceeds, posted 29 images to its website on Tuesday of wh...

r/japannews · 41 comments · 5mo ago

2.0k upvotes

my dad's company got attacked by Qilin Ransomware.

my dad's company recently got attacked by this ransomware. my dad's and his co-workers' salaries maybe will get cut off to pay the ransom. is there a way to fix this without paying the ransom? my dad...

r/ransomwarehelp · 103 comments · 7mo ago