Qilin Ransomware Hits Kohinoor Textile Mills: Cybersecurity Alert

Incident Date: July 25, 2024

Overview

Title: Qilin Ransomware Hits Kohinoor Textile Mills: Cybersecurity Alert

Victim: Kohinoor Textile Mills Limited

Attacker: Qilin

Location: Raiwind, Pakistan

First Reported: July 25, 2024

Qilin Ransomware Attack on Kohinoor Textile Mills Limited

Overview of Kohinoor Textile Mills Limited

Kohinoor Textile Mills Limited (KTML) is a prominent textile manufacturing company based in Pakistan, established in 1953. The company operates multiple manufacturing units in Rawalpindi, Gujar Khan, and Raiwind, specializing in the production of yarn, cloth, and home textile products. KTML is known for its vertically integrated structure, which includes spinning, weaving, processing, and stitching. The company exports its products to international markets, with significant sales in Europe and the United States.

Company Size and Industry Standing

KTML employs between 5,001 and 10,000 individuals, reflecting its extensive operational scale. The company is listed on the Pakistan Stock Exchange and is part of the Kohinoor Maple Leaf Group. KTML is recognized for its substantial contributions to the textile industry in Pakistan, focusing on both local and export markets. The company has invested significantly in technology and sustainable practices, including rainwater harvesting and solar energy utilization.

Details of the Ransomware Attack

In a recent cyber incident, KTML fell victim to a ransomware attack orchestrated by the Qilin group. The attack was claimed by Qilin on their dark web leak site, highlighting the growing threat of ransomware attacks on critical manufacturing sectors. The specifics of the attack, including the extent of data exfiltration and the ransom demanded, have not been disclosed. However, the incident underscores the vulnerabilities in KTML's cybersecurity infrastructure.

Profile of the Qilin Ransomware Group

The Qilin ransomware group, also known as Agenda, is a sophisticated Ransomware-as-a-Service (RaaS) operation believed to be of Russian origin. The group first appeared in October 2022 and has targeted various organizations, including healthcare providers, automotive companies, and government agencies. Qilin is known for its advanced tactics, such as data exfiltration and double extortion, to pressure victims into paying ransoms.

Potential Vulnerabilities and Penetration Methods

While the exact method of penetration in KTML's case is not detailed, common vulnerabilities exploited by ransomware groups like Qilin include outdated security patches, weak passwords, and insufficient network segmentation.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time tracking of ransomware attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.