Qilin Publishes 40+ Monthly Victims; Cisco Talos Tracks TTPs
Category: Threat Alerts / Malware & Ransomware
Infosecurity Magazine reports Qilin publishes 40+ victim listings monthly, with manufacturing most targeted. Cisco Talos observed use of Cyberduck for exfiltration, dual encryptors, and abuse of VPN access without MFA, alongside credential theft and EDR evasion tactics.
CORTEX Protocol Intelligence Assessment
Business Impact: Consistent operational tempo increases the probability of repeat sectoral impacts.
Technical Context: TTPs leverage living-off-the-land binaries and cloud services to evade monitoring and accelerate exfiltration.
Strategic Intelligence Guidance
- Disable legacy VPN auth; enforce MFA and device posture checks
- Detect Cyberduck and unusual cloud storage access patterns
- Block PsExec lateral movement and monitor scheduled tasks
- Harden EDR tamper protection and PowerShell logging
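An added example, not taken from Infosecurity Magazine, Cisco Talos or this assessment: one way to turn the Cyberduck, PsExec and scheduled-task guidance above into process-creation detections. It assumes events exported with Sysmon Event ID 1 field names; the sample events, host names and the CYBERDUCK_ALLOWED_HOSTS allowlist are constructed for illustration.

```python
import ntpath
from collections import defaultdict

# Hypothetical allowlist of hosts where Cyberduck is an approved tool.
CYBERDUCK_ALLOWED_HOSTS = set()
CYBERDUCK_NAMES = {"cyberduck.exe", "duck.exe"}  # GUI and CLI binaries
PSEXEC_NAMES = {"psexec.exe", "psexec64.exe", "psexesvc.exe"}
# PE OriginalFileName values; these still match after the file is renamed.
PSEXEC_ORIGINAL_NAMES = {"psexec.c", "psexesvc.exe"}

def classify(event):
    """Return the names of the rules one process-creation event matches."""
    image = ntpath.basename(event.get("Image", "")).lower()
    original = event.get("OriginalFileName", "").lower()
    cmdline = event.get("CommandLine", "").lower()
    hits = []
    if image in CYBERDUCK_NAMES and event.get("Computer") not in CYBERDUCK_ALLOWED_HOSTS:
        hits.append("cyberduck_execution")
    if image in PSEXEC_NAMES or original in PSEXEC_ORIGINAL_NAMES:
        hits.append("psexec_activity")
    if image == "schtasks.exe" and "/create" in cmdline:
        hits.append("scheduled_task_created")
    return hits

def detect(events):
    """Map each host to the set of rules that fired on it."""
    by_host = defaultdict(set)
    for event in events:
        by_host[event.get("Computer", "unknown")].update(classify(event))
    return {host: rules for host, rules in by_host.items() if rules}

# Constructed sample events (Sysmon Event ID 1 field names); not real telemetry.
SAMPLE_EVENTS = [
    {"Computer": "FS01", "Image": r"C:\Program Files\Cyberduck\Cyberduck.exe",
     "CommandLine": "Cyberduck.exe"},
    {"Computer": "WS07", "Image": r"C:\Users\Public\svc.exe",  # renamed binary
     "OriginalFileName": "psexec.c", "CommandLine": "svc.exe -accepteula"},
    {"Computer": "FS01", "Image": r"C:\Windows\PSEXESVC.exe",
     "CommandLine": r"C:\Windows\PSEXESVC.exe"},
    {"Computer": "FS01", "Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": r"schtasks.exe /Create /TN ExampleTask /SC DAILY /TR C:\example.exe"},
    {"Computer": "WS02", "Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": "schtasks.exe /Query"},
]

if __name__ == "__main__":
    for host, rules in sorted(detect(SAMPLE_EVENTS).items()):
        print(host, sorted(rules))
```

Command-line matching misses tasks registered through PowerShell or the Task Scheduler API, so pair it with Security event 4698 (a scheduled task was created) where that auditing is enabled.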
Impact
Data Volume: Unknown
Financial: Unknown
Intelligence Source: Qilin Ransomware Group Publishes Over 40 Cases Monthly - Infosecurity Magazine | Oct 28, 2025