Ransomware Attack on Stalcop Metal Forming by Qilin Group

Stalcop Metal Forming LLC, a prominent manufacturer based in Thorntown, Indiana, specializing in custom-designed specialty cold-formed parts and precision machined components, has become the latest victim of a ransomware attack. The attack, claimed by the Qilin ransomware group, occurred on November 22, resulting in the leak of 400GB of sensitive data.

Company Profile

Stalcop Metal Forming LLC is a leader in the metal forming industry, known for its advanced manufacturing techniques and commitment to quality. The company serves various sectors, including automotive, electrical, and industrial applications, and employs approximately 65 individuals. With an estimated annual revenue of $23.4 million, Stalcop is recognized for its ability to handle both small and large orders efficiently. The company's focus on custom fabrication and its expertise in working with diverse materials such as copper, aluminum, brass, and stainless steel make it a significant player in the industry.

Qilin Ransomware Group

Qilin, a Ransomware-as-a-Service (RaaS) group, emerged in July 2022 and has since become a formidable threat in the cybersecurity landscape. The group distinguishes itself through its use of highly customizable ransomware, initially developed in Golang and later rewritten in Rust for enhanced evasion capabilities. Qilin's focus on cross-platform targeting, including Windows, Linux, and VMware ESXi environments, allows it to effectively compromise enterprise-level infrastructure. The group typically gains access through spear phishing and exploiting known vulnerabilities, such as those in Citrix ADC and RDP.

Potential Vulnerabilities

Stalcop's reliance on advanced manufacturing technologies and its position as a key supplier in the metal forming industry may have made it an attractive target for Qilin.

Sources

• Halcyon AI: Qilin - The Russian RaaS Group
• Bleeping Computer: Linux Version of Qilin Ransomware
• Stalcop: About Us
• ZoomInfo: Stalcop LLC