The Qilin ransomware group has allegedly targeted two major international companies, adding them to its data leak site on August 6, 2025. The victims are a prominent Colombian steel manufacturer and Kenya’s largest energy producer. The threat actors claim to have exfiltrated sensitive data from both organizations and have published several documents as proof of the breach, threatening further leaks.
The targeted organizations are critical players in their respective regions. The Qilin group has listed the following companies as victims of their latest campaign:
- Ferrocortes S.A.S: A leading company in Colombia that provides high-quality steel solutions for heavy machinery, mining, infrastructure, and metal-mechanics industries.
- Kenya Electricity Generating Company (KenGen): A major government enterprise in Kenya, responsible for producing over 60% of the electricity consumed in the country and supplying power to East Africa.
The attackers have leaked samples of the stolen data, which allegedly include a wide range of sensitive information. For KenGen, the leaked files appear to contain financial indicators, budgets, project details such as performance bonds for construction projects, and personal data of employees and managers. In the case of Ferrocortes, the published documents purportedly include employee contracts, financial statements, technical drawings, and customer complaints.
