Qilin Ransomware Allegedly Hits Spanish City of Melilla and Fijian Giant Tappoo Group

The Qilin ransomware group has allegedly targeted two major entities, the government of the autonomous Spanish city of Melilla and the prominent Fijian conglomerate, Tappoo Group of Companies. In a bold claim, the threat actors announced they have exfiltrated massive amounts of sensitive data and caused significant operational damage. The City of Melilla is a Spanish autonomous city located on the north coast of Africa and is a significant administrative and cultural hub. The Tappoo Group of Companies is one of Fiji’s largest and most respected business houses, with extensive operations in retail, distribution, and manufacturing, making it a cornerstone of the nation’s economy.

According to the claims, the attack on Melilla was particularly severe, with the perpetrators alleging they have not only stolen 4-5 terabytes of data but also completely destroyed the city’s administrative and network infrastructure. The threat actors boast of possessing a nearly complete list of personal data for all of Melilla’s inhabitants, as well as sensitive information on tourists. Furthermore, they claim to hold compromising information regarding the “corrupt” use of funds by high-ranking individuals. In a separate attack, the Tappoo Group was also listed as a victim, with evidence suggesting the theft of highly sensitive internal financial documents.

The data allegedly stolen from both organizations is extensive and highly sensitive. For the City of Melilla, the leak purportedly includes personal identification documents and detailed citizen information. For the Tappoo Group, the breach appears to involve confidential financial records. The attackers have published sample data, including a citizen’s application form from Melilla and internal balance sheets from the Tappoo Group, to substantiate their claims.

Allegedly Leaked Data Includes: