Qilin Ransomware Hits Aiken Electric Cooperative in Major Breach

Incident Date:

November 1, 2024

Overview

Title

Qilin Ransomware Hits Aiken Electric Cooperative in Major Breach

Victim

Aiken Electric Cooperative

Attacker

Qilin

Location

Aiken, South Carolina, USA

First Reported

November 1, 2024

Qilin Ransomware Group Targets Aiken Electric Cooperative

Aiken Electric Cooperative (AEC), a member-owned electric utility based in Aiken, South Carolina, has been named as a victim by the Qilin ransomware group. The breach, discovered on November 4, is reported to have resulted in a 591GB data leak that may include sensitive operational and customer data.

About Aiken Electric Cooperative

Established in 1938, AEC delivers electricity to 47,877 residential and 3,172 commercial accounts across several South Carolina counties. As a not-for-profit, member-owned utility, it focuses on reliable and affordable service for its members. Its community programs include Operation Round Up and a net metering program that lets members with solar generation feed excess power back to the grid.

Attack Overview

The Qilin ransomware group, also known as Agenda, claimed responsibility for the attack on AEC. According to the group's listing, 591GB of data was exfiltrated, comprising 369,793 files, 48 of them photos. Given the cooperative's net metering program, the trove could include member account and generation records, but what the files actually contain has not been confirmed. Beyond the data exposure, a compromise of a utility's IT environment raises questions about the integrity of systems that support its operations and about member trust.

Qilin Ransomware Group

Qilin, a Ransomware-as-a-Service (RaaS) group, emerged in 2022 and has since been linked to over 60 confirmed attacks. The group relies on double extortion: data is exfiltrated before systems are encrypted, and the victim is threatened with publication on the group's leak site if the ransom is not paid. Qilin's ransomware is highly customizable, letting affiliates tailor each build to its target (for example, which file extension is applied, which processes and services are terminated before encryption, and how files are encrypted). The group primarily targets large enterprises across various sectors, including healthcare and utilities.

Penetration and Impact

How Qilin gained access to AEC has not been disclosed; the intrusion most likely followed the group's usual playbook rather than a novel technique. Qilin affiliates have been reported to obtain initial access through spear phishing and by exploiting known vulnerabilities in internet-facing Citrix ADC appliances and VMware ESXi hosts. Once inside, they commonly deploy Cobalt Strike for command and control and lateral movement, stage and exfiltrate data, and only then encrypt systems. That sequence leaves defenders a window before encryption in which the most visible signals are periodic beacon-like callbacks to a single external host and unusually large outbound transfers.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing near real-time tracking of ransomware attacks, groups and their victims. Given how lucrative ransomware has proven for threat actors, it has become the most widespread and the most financially and informationally damaging cyber threat facing businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.