83/68 Monday, March 3, 2025
The cybercriminal group Qilin has claimed responsibility for a cyberattack on Lee Enterprises, a major U.S. media company, on February 3. The attack disrupted the company’s operations, and the hackers have threatened to release the stolen data on March 5 unless a ransom is paid. The leaked data reportedly includes copies of identification cards, non-disclosure agreements (NDAs), financial spreadsheets, and other confidential documents, totaling over 120,000 files with a combined size of more than 350GB.
Reports indicate that the attack locked Lee Enterprises out of its internal systems, cloud storage, and corporate VPN, affecting the operations of 77 print publications and numerous digital platforms. The company later confirmed in a filing with the U.S. Securities and Exchange Commission (SEC) that hackers encrypted critical applications and stole some files, confirming the attack as ransomware. A company spokesperson stated that an investigation is underway to assess the extent of the data breach.
The Qilin group has a history of targeting large organizations, including Yanfeng Automotive, the Victoria State Court system in Australia, and NHS hospitals in London. The group has continuously improved its malware, from launching a VMware ESXi version in 2023 to developing a Rust-based locker with stronger encryption in 2024. Additionally, Microsoft has reported that the hacker group “Scattered Spider” has used Qilin ransomware in its operations, making this an ongoing security concern for cybersecurity agencies worldwide.
