Tracking Adversaries: The Qilin RaaS
![Image](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgXimCSysJXLUr6vSJS1hx9afF9F1xC38KtpZ8kO3_6epi1T5jpVy5kGPCKvjyBG76qeHwzc1yp30DrXk7Xd4z8fMzRnaxnuc1WGReuG7LXFxxvGSGmZ9N2-ulpaff6YSnV7UpGZC32tAx28gdYCXaLIIFZYeZHwy8txXV-IWUK2XKo4bb_v1pCXFyNXBNv/w400-h400/Qilin.jpg)
This blog is part of my Tracking Adversaries blog series, whereby I perform a summary analysis of a particular adversary that has caught my attention and made me feel like they deserve special attention and investigation. Qilin has been covered already by experts from Trend Micro, Secureworks, Group-IB, SentinelOne, SOCRadar, BleepingComputer, and MalwareHunterTeam. Kudos to them, because without these researchers sharing their findings with the community, we would be a lot less informed about this prominent ransomware gang.

Background

Active since at least May 2022, Qilin ransomware is named after the mythical Chinese creature, which you may pronounce as "Chee-lin". The origin of this cybercriminal threat group, however, is believed to be Russia. Like many other ransomware campaigns run by organised cybercriminal gangs, Qilin ransomware is used for domain-wide encryption of servers and workstations, and its operators steal vast quantities of data. A ran