Qilin ransomware claims credit for a Ukrainian agency hack

March 13, 2025

The Qilin ransomware gang has claimed responsibility for the recent data breach at the Ukrainian Ministry of Foreign Affairs. The claim is the latest in the gang’s string of cybercriminal operations against entities worldwide.

This Russian-speaking, state-sponsored APT group has been active recently, attacking organisations across different industries.

The ransomware group claimed to have taken sensitive data such as private letters, personal information, and official directives in its latest attack. It also stated that it had already sold some of the allegedly stolen data to third parties.

 

Qilin ransomware revealed that it had already sold part of the allegedly stolen data belonging to Ukraine’s Ministry of Foreign Affairs.

 

According to reports, the Qilin ransomware group insists that data allegedly belonging to Ukraine’s Ministry of Foreign Affairs is in its hands, and that part of the compromised information has already been sold.

The remaining unsold data includes private letters, personal information, and more, according to the group’s Tor leak site on the dark web.

Furthermore, the ransomware organisation released photos of the stolen documents as proof of the attack.

Ukraine’s Ministry of Foreign Affairs has yet to confirm the data leak. The attack is part of the escalating hybrid warfare in the ongoing confrontation between Russia and Ukraine, which can be attributed to hacktivists and cybercrime groups associated with the Russian government’s plans.

The Qilin ransomware group has been operating since at least 2022, but it gained traction in the cybercrime community in June 2024 when it attacked Synnovis, a UK government healthcare service provider.

The organisation typically conducts “double extortion,” which involves stealing and encrypting victims’ data and then threatening to publish it unless a ransom is paid.

This Russian threat group’s ongoing hacking spree against different industries, especially Ukraine-based ones, shows how state-backed hackers continue to take advantage of the geopolitical conflict.

Researchers should watch this group’s activity to learn more about how it operates and which organisations are most likely to be targeted next.
