Qilin Ransomware Hits Aiken Electric Cooperative in Major Breach

Incident Date: Nov 01, 2024

Attack Overview
Victim: Aiken Electric Cooperative
Industry: Energy, Utilities & Waste
Location: USA
Attacker: Qilin
First Reported: November 1, 2024

Qilin Ransomware Group Targets Aiken Electric Cooperative

Aiken Electric Cooperative (AEC), a member-owned utility cooperative based in Aiken, South Carolina, has become the latest victim of a ransomware attack by the notorious Qilin group. The breach, discovered on November 4, resulted in a significant data leak of 591GB, potentially compromising sensitive operational and customer data.

About Aiken Electric Cooperative

Established in 1938, AEC serves as a vital utility provider in South Carolina, delivering electricity to approximately 47,877 residential and 3,172 commercial accounts across several counties. As a not-for-profit organization, AEC focuses on providing reliable and affordable electric services to its members. The cooperative is known for its community engagement initiatives, such as Operation Round Up and net metering programs, which promote renewable energy use among its members.

Attack Overview

The Qilin ransomware group, also known as Agenda, claimed responsibility for the attack on AEC. The breach led to the exfiltration of 591GB of data, including 48 photos and 369,793 files. This data may contain sensitive information related to AEC's net metering services, which allow members to sell excess solar energy back to the grid. The attack highlights vulnerabilities in AEC's infrastructure, potentially affecting its operational capabilities and customer trust.

Qilin Ransomware Group

Qilin, a Ransomware-as-a-Service (RaaS) group, emerged in 2022 and has since been involved in over 60 confirmed attacks. The group is known for its double extortion tactics, encrypting and exfiltrating data to pressure victims into paying ransoms. Qilin's ransomware is highly customizable, allowing affiliates to tailor attacks to specific targets. The group primarily targets large enterprises across various sectors, including healthcare and utilities.

Penetration and Impact

Qilin's attack on AEC likely involved exploiting vulnerabilities in the cooperative's systems, such as outdated software or insufficient security measures. The group uses sophisticated techniques, including spear phishing and exploiting known vulnerabilities in Citrix ADC and VMware ESXi, to gain initial access. Once inside, Qilin employs tools like Cobalt Strike for lateral movement and data exfiltration, making it challenging for victims to detect and mitigate the attack.
