Qilin Ransomware Hits Kohinoor Textile Mills: Cybersecurity Alert

Incident Date: Jul 25, 2024

Attack Overview
VICTIM: Kohinoor Textile Mills Limited
INDUSTRY: Manufacturing
LOCATION: Pakistan
ATTACKER: Qilin
FIRST REPORTED: July 25, 2024

Qilin Ransomware Attack on Kohinoor Textile Mills Limited

Overview of Kohinoor Textile Mills Limited

Kohinoor Textile Mills Limited (KTML) is a prominent textile manufacturing company based in Pakistan, established in 1953. The company operates multiple manufacturing units in Rawalpindi, Gujar Khan, and Raiwind, specializing in the production of yarn, cloth, and home textile products. KTML is known for its vertically integrated structure, which includes spinning, weaving, processing, and stitching. The company exports its products to international markets, with significant sales in Europe and the United States.

Company Size and Industry Standing

KTML employs between 5,001 and 10,000 individuals, reflecting its extensive operational scale. The company is listed on the Pakistan Stock Exchange and is part of the Kohinoor Maple Leaf Group. KTML is recognized for its substantial contributions to the textile industry in Pakistan, focusing on both local and export markets. The company has invested significantly in technology and sustainable practices, including rainwater harvesting and solar energy utilization.

Details of the Ransomware Attack

In a recent cyber incident, KTML fell victim to a ransomware attack orchestrated by the Qilin group. Qilin claimed the attack on its dark web leak site, highlighting the growing threat of ransomware attacks on critical manufacturing sectors. The specifics of the attack, including the extent of data exfiltration and the ransom demanded, have not been disclosed. However, the incident underscores the vulnerabilities in KTML's cybersecurity infrastructure.

Profile of the Qilin Ransomware Group

The Qilin ransomware group, also known as Agenda, is a sophisticated Ransomware-as-a-Service (RaaS) operation believed to be of Russian origin. The group first appeared in October 2022 and has targeted various organizations, including healthcare providers, automotive companies, and government agencies. Qilin is known for advanced tactics, such as data exfiltration and double extortion, that pressure victims into paying ransoms.

Potential Vulnerabilities and Penetration Methods

While the exact method of penetration in KTML's case is not detailed, common vulnerabilities exploited by ransomware groups like Qilin include outdated security patches, weak passwords, and insufficient network segmentation.
