Saturday, March 8, 2025

The Kremlin, Politics and Ransomware

Qilin Ransomware caught with politically motivated fake document (and old data) in post.


Qilin Ransomware

by Dominic Alvieri

March 8th, 2025

@AlvieriD

Was it a breach or not?

The Ministry of Foreign Affairs of Ukraine was breached...in 2022, which is not what one devious up-and-coming ransomware group would like you to think. The post below is from Qilin Ransomware.


Ministry of Foreign Affairs of Ukraine.
Original Qilin Ransomware MFA of Ukraine post.

Did the Kremlin Call?

Qilin shuffled document samples for the first 10 minutes after their MFA of Ukraine post, which piqued my interest. Originally listing 82 samples (the first 12 I retrieved and verified), then 31, and finally 104 if that hasn't changed. I regularly go back and check for updates and double-check my research, but it is usually the deletions that catch your eye. Most of the data samples are from 2022 or earlier. Qilin did release samples dated in 2025. All but one were removed; that one is one of the dozen I already had.


The only sample dated after 2025 is fake.


The document references a January 31st, 2025 missile strike by Russian troops at the Bristol Hotel in Odessa, Ukraine. Have I mentioned that I hate politics? The fake document is signed by an official who has never been an ambassador of Ukraine to Moldova.

All of the remaining documents are dated between 2019 and 2022 and were previously leaked in 2022 on Telegram after a breach of the MFA of Ukraine in that year.

Most of the major players have made some political reconfirmations recently.


I've actually always hated politics and this has the big stink of a political pressure move.

RansomHub also recently released a Tox profile message stating never to target CIS states. LockBit loves Trump and has said so and posted several times. Once again, hate is a strong word but...



Can you do me a favor...




Stay safe online and off.
