The Qilin ransomware group has claimed responsibility for breaching three new organizations. The threat actor, known for its double-extortion tactics involving data encryption and exfiltration, posted the victims to its dark web leak site on November 30, 2025.
The latest list of alleged victims posted by the group includes:
-
ILCA TARGHE S.R.L. (🇮🇹 Italy): A business services company based in Bologna, specializing in the production of industrial plates, panels, and membrane keyboards.
-
Veton AI (🇺🇸 United States): A technology company operating in the AI sector, listed by the threat actor as providing accounting services. The group has activated a countdown timer for this victim, threatening to publish data in approximately 9 days.
-
Battaglioli (🇮🇹 Italy): An Italian firm operating within the industrial machinery and equipment sector.
According to the actor, sensitive proprietary data has been exfiltrated from the victims. While specific file trees were not immediately released for all victims, Qilin typically threatens to leak the following if a ransom is not paid:
-
Internal company financial documents
-
Employee and client personal information (PII)
-
Proprietary business data and contracts
