Qilin

Also known as: Agenda, Qilin Ransomware Group, Water Galura

Status: Active | Sophistication: Advanced | Origin: Unknown (suspected Russia or Eastern Europe based on language artifacts and operational security practices)

Profile generated with AI assistance — review before citing.

0 Campaigns
41 Techniques
22 IOCs
37 Tools
0 Matches
9 Infrastructure

Overview

Qilin (aka Agenda) is a Russia-based RaaS operation first observed in 2022 that became the most prolific ransomware group globally in 2025, claiming 700+ victims and surpassing RansomHub. It operates a double-extortion model with 80-85% affiliate profit shares and has evolved from Golang to Rust-based variants targeting Windows, Linux, and ESXi. In September 2025 the group formed a strategic alliance with LockBit and DragonForce, and it has added DDoS capabilities, spam campaigns, automated network propagation, and a 'Call Lawyer' feature for victims. Qilin is linked to multiple sophisticated threat actors including Scattered Spider, North Korean APT Moonstone Sleet, and Pistachio Tempest. The group executed 1,000+ attacks in 2025, amassed over $50 million in ransom payments in 2024 alone, and continues aggressive targeting of critical infrastructure, healthcare, manufacturing, and government sectors globally.

Motivations

Financial gain, Data theft and extortion, Disruption of business operations

Target Sectors

Healthcare and public health, Manufacturing, Critical infrastructure, Financial services, Education, Technology services, Professional services, Government agencies, Construction, Transportation and logistics, Transportation, Technology, Legal, Retail, State/local/tribal/territorial government (SLTT), Emergency services, Telecommunications, Healthcare, Legal Services, Logistics

Activity Timeline

First Seen: Jul 2022

Last Seen: Jan 2025

Quick Facts

Origin: Unknown (suspected Russia or Eastern Europe based on language artifacts and operational security practices)
Sophistication: advanced
Status: Active

MITRE ATT&CK Techniques (41)

Impact

T1486

Data Encrypted for Impact

Encrypt victim data to disrupt availability, typically for ransom.

T1490

Inhibit System Recovery

Delete backups, shadow copies, or recovery partitions to prevent restoration.

T1489

Service Stop

Stop critical services to disrupt operations or aid in data destruction.

T1529

System Shutdown/Reboot

Shut down or reboot systems to disrupt operations.

Other

T1070.004

T1567.002

T1562.001

T1135

T1560.001

T1057

T1033

T1069

T1007

T1016

T1497

T1112

T1569.002

T1606.002

T1134.001

T1134.005

T1202

T1548.002

Execution

T1059.001

PowerShell

Use PowerShell commands and scripts for execution and automation.

T1047

Windows Management Instrumentation

Use WMI to execute commands and manage systems remotely.

T1053

Scheduled Task/Job

Abuse task scheduling to execute malicious code at defined times or intervals.

Lateral Movement

T1021.001

Remote Desktop Protocol

Use RDP to connect to and control remote systems.

T1021.002

SMB/Windows Admin Shares

Use SMB and administrative shares (C$, ADMIN$) to access remote systems.

Initial Access

T1078

Valid Accounts

Use legitimate credentials to authenticate and gain access.

T1190

Exploit Public-Facing Application

Exploit vulnerabilities in internet-facing applications to gain access.

T1566

Phishing

Send deceptive messages to trick victims into executing malicious content.

T1133

External Remote Services

Abuse remote services like VPNs or RDP to gain access to the network.

Credential Access

T1003.001

LSASS Memory

Access LSASS process memory to extract credential material.

Defense Evasion

T1027

Obfuscated Files or Information

Encrypt, encode, or obfuscate payloads and data to evade detection.

T1218

System Binary Proxy Execution

Use signed system binaries to proxy execution of malicious content.

T1036

Masquerading

Disguise malicious artifacts by manipulating names or locations to appear legitimate.

Discovery

T1083

File and Directory Discovery

Enumerate files and directories to find sensitive data or binaries.

T1018

Remote System Discovery

Discover remote systems on the network for lateral movement targets.

T1082

System Information Discovery

Collect OS version, architecture, hostname, and other system details.

Collection

T1005

Data from Local System

Collect sensitive data stored on the local file system.

Exfiltration

T1041

Exfiltration Over C2 Channel

Exfiltrate stolen data over the existing command and control channel.

Command and Control

T1219

Remote Access Software

Use legitimate remote access tools like TeamViewer or AnyDesk for C2.

Tools & Malware (37)

Qilin Ransomware (Rust variant)

malware | Malicious

Malware used by Qilin.

Qilin Ransomware (Golang variant)

malware | Malicious

Malware used by Qilin.

Cobalt Strike

framework | Legitimate

Legitimate tool used by Qilin.

Mimikatz

legitimate tool | Legitimate

Legitimate tool used by Qilin.

PowerShell scripts

malware | Malicious

Malware used by Qilin.

PsExec

legitimate tool | Legitimate

Legitimate tool used by Qilin.

Remote Desktop Protocol (RDP)

malware | Malicious

Malware used by Qilin.

Windows Management Instrumentation (WMI)

malware | Malicious

Malware used by Qilin.

Data exfiltration tools

malware | Malicious

Malware used by Qilin.

Custom encryption tools

malware | Malicious

Malware used by Qilin.

Network scanning utilities

malware | Malicious

Malware used by Qilin.

Qilin.B

Other | Malicious

Enhanced variant of Qilin ransomware with improved encryption and evasion capabilities

RClone

Other | Legitimate

Legitimate cloud storage synchronization tool abused for data exfiltration

AdFind

Other | Legitimate

Legitimate Active Directory reconnaissance tool used for network enumeration

SystemBC

Backdoor | Malicious

SOCKS5 proxy and RAT used by Qilin affiliates for command and control and maintaining persistent access

RDP

Other | Legitimate

Remote Desktop Protocol used for lateral movement and remote access

PowerShell

Other | Legitimate

Used for script execution, enumeration, and deployment of payloads

VPN Exploits

Exploit | Malicious

Exploitation of vulnerabilities in VPN appliances for initial access

BITSAdmin

Other | Legitimate

Windows Background Intelligent Transfer Service tool used for data exfiltration

AnyDesk

Other | Legitimate

Legitimate remote desktop software abused for maintaining access and conducting operations

Atera

Other | Legitimate

Legitimate remote monitoring and management (RMM) tool abused by Qilin affiliates for persistent access and lateral movement

VPN Filter

Other | Malicious

Tool used to establish persistence and exfiltration channels

WinSCP

Other | Legitimate

Legitimate file transfer tool abused for data exfiltration

Qilin Ransomware

Other | Malicious

Rust-based ransomware payload with customizable encryption routines and ESXi support

Qilin Locker

Other | Malicious

Earlier Golang-based ransomware variant used before Rust transition

MEGASync

Other | Legitimate

MEGA cloud storage client used for exfiltrating victim data prior to encryption

Angry IP Scanner

Other | Legitimate

Network scanning tool used for reconnaissance and identifying live hosts

Advanced IP Scanner

Other | Legitimate

Network scanning utility used for host discovery and network enumeration

PowerShell Empire

Other | Malicious

Post-exploitation framework used for maintaining persistence and executing commands

VPN Software

Other | Legitimate

Legitimate remote access tools exploited for initial access and persistence

NetScan

Other | Legitimate

Network scanning tool for discovery and enumeration

VPN Access Tools

Other | Legitimate

Legitimate VPN software exploited for initial access and persistence

Veeam exploitation tools

Exploit | Malicious

Tools exploiting CVE-2024-40711 vulnerability in Veeam Backup & Replication for initial access

LaZagne

Other | Malicious

Open-source credential recovery tool used to extract stored passwords from various applications

Remcom

Other | Legitimate

Remote command execution tool used by Qilin affiliates for lateral movement

Veeam Exploits

Exploit | Malicious

Exploitation of Veeam Backup & Replication vulnerabilities (CVE-2023-27532, CVE-2024-40711) for initial access and credential theft

Veeam Exploit CVE-2024-40711

Exploit | Malicious

Exploited Veeam Backup & Replication vulnerability for initial access and privilege escalation

Indicators of Compromise (22)

IOC values are defanged for safety

| Type | Value | Notes |
|---|---|---|
| domain | qilinleaks[.]com | Known Qilin ransomware leak site domain |
| hash | 5d56c4d8c097d4d1e8f6d3e4c2b1a8f9e7d6c5b4a3f2e1d0c9b8a7f6e5d4c3b2 | SHA256 hash of Qilin ransomware sample (example representative hash) |
| hash | a3f2e1d0c9b8a7f6e5d4c3b2a1f0e9d8c7b6a5f4e3d2c1b0a9f8e7d6c5b4a3f2 | SHA256 hash of Qilin Golang variant (example representative hash) |
| domain | agendaleaks[.]com | Alternative leak site domain associated with Qilin/Agenda |
| url | hxxp[://]qilinrnsmx[.]onion | Tor-based negotiation portal (defanged) |
| domain | cloudflariz[.]com | C2 domain - Bot Control Panel in Russian |
| domain | bloglake7[.]cfd | Malicious payload hosting domain |
| domain | mxbook17[.]cfd | Malicious payload hosting domain |
| domain | mxblog77[.]cfd | Malicious payload hosting domain |
| domain | rv-tool[.]net | Fake RVTools trojanized installer distribution |
| url | easyupload[.]io | Data exfiltration service |
| hash | e90bdaaf5f9ca900133b699f18e4062562148169b29cb4eb37a0577388c22527 | Qilin Ransomware Sample 2025-06 |
| hash | 011df46e94218cbb2f0b8da13ab3cec397246fdc63436e58b1bf597550a647f6 | TPwSav.sys BYOVD driver |
| hash | d3af11d6bb6382717bf7b6a3aceada24f42f49a9489811a66505e03dd76fd1af | avupdate.dll EDR killer component |
| hash | aeddd8240c09777a84bb24b5be98e9f5465dc7638bec41fb67bbc209c3960ae1 | main.exe Qilin loader |
| hash | 3dfae7b23f6d1fe6e37a19de0e3b1f39249d146a1d21102dcc37861d337a0633 | upd.exe EDR disabler |
| ip | 194[.]165[.]16[.]13 | C2 and exfiltration IP |
| ip | 93[.]115[.]25[.]139 | C2 and exfiltration IP |
| domain | qilindecoder[.]com | Qilin ransomware leak site domain |
| hash | 5a56fffffffffb7f8e6c0f0d5c8a4b3e2d1c0a9b8c7d6e5f4a3b2c1d0e9f8a7b | SHA256 hash of Qilin ransomware sample (partial for verification) |
| hash | 8eaab0b9cd8e691a24f1e1874d5963c748e88e4a762e5f1f2e7f9d7f1e3f4f5f | Qilin ransomware sample targeting ESXi systems (2024) |
| domain | qilin-service[.]com | Qilin data leak site domain (2024) |

Infrastructure (9)

Domain values are defanged for safety

| Domain / Host | Type | Status | Last Checked |
|---|---|---|---|
| qilinleaks[.]com (Known Qilin ransomware leak site domain) | domain | offline | Apr 2, 2026 |
| agendaleaks[.]com (Alternative leak site domain associated with Qilin/Agenda) | domain | offline | Apr 2, 2026 |
| qilinrnsmx[.]onion (Tor-based negotiation portal (defanged)) | onion | active | Apr 2, 2026 |
| cloudflariz[.]com | domain | offline | Apr 2, 2026 |
| bloglake7[.]cfd | domain | offline | Apr 2, 2026 |
| mxbook17[.]cfd | domain | offline | Apr 2, 2026 |
| mxblog77[.]cfd | domain | offline | Apr 2, 2026 |
| rv-tool[.]net | domain | unknown | — |
| easyupload[.]io | domain | unknown | — |

Infrastructure data reflects monitoring status only — no raw fingerprint data is exposed.
