Qilin Ransomware Group Targets Multiple Australian Organizations in February
In late January and February, the Qilin ransomware group claimed attacks on four Australian organizations, primarily based in Western Australia. The first victim, Esperance Communications, was listed in late January with minimal details disclosed. On 11 February, the group added Mount Barker Co-operative, alleging the theft of 40GB of data, though the leaked files remain inaccessible. A week later, Esperance Metaland was listed, with hackers claiming 14GB and over 16,000 files exfiltrated though no evidence was provided. The fourth victim, a Queensland-based entity, was named on 22 February, with similarly vague claims.
None of the affected organizations have publicly confirmed the incidents, leaving the validity of the attacks uncertain. Qilin, a ransomware-as-a-service (RaaS) operation, has rapidly expanded since its 2022 emergence, with 800+ victims in 2025 up from just 45 in its first year. Security firm ThreatLocker reports the group uses stealthy infiltration tactics, averaging 19 days of dwell time before deploying ransomware. While some analysts question Qilin’s technical sophistication, its ransomware binary remains effective.
The group’s motives and next moves remain unclear, but its recent focus on Australian targets suggests a deliberate campaign. Observers continue to monitor Qilin’s leak site for potential data releases.
Esperance Communications cybersecurity rating report: https://www.rankiteo.com/company/esperance-communications
"id": "ESP1772051983",
"linkid": "esperance-communications",
"type": "Ransomware",
"date": "2/2026",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Communications',
'location': 'Western Australia, Australia',
'name': 'Esperance Communications',
'type': 'Organization'},
{'industry': 'Co-operative',
'location': 'Western Australia, Australia',
'name': 'Mount Barker Co-operative',
'type': 'Organization'},
{'location': 'Western Australia, Australia',
'name': 'Esperance Metaland',
'type': 'Organization'},
{'location': 'Queensland, Australia',
'type': 'Organization'}],
'attack_vector': 'Stealthy infiltration (RaaS)',
'data_breach': {'data_exfiltration': 'Yes (alleged)',
'number_of_records_exposed': '16,000+ files (Esperance '
'Metaland)',
'type_of_data_compromised': 'Alleged data theft (unspecified '
'types)'},
'date_publicly_disclosed': '2025-02',
'description': 'In late January and February, the Qilin ransomware group '
'claimed attacks on four Australian organizations, primarily '
'based in Western Australia. The victims include Esperance '
'Communications, Mount Barker Co-operative, Esperance '
'Metaland, and a Queensland-based entity. The group alleged '
'data theft but provided limited or no evidence of the '
'breaches. None of the affected organizations have publicly '
'confirmed the incidents.',
'impact': {'data_compromised': 'Multiple organizations allegedly had data '
'exfiltrated (40GB, 14GB+)'},
'investigation_status': 'Ongoing monitoring',
'post_incident_analysis': {'root_causes': 'Stealthy infiltration tactics, '
'average dwell time of 19 days'},
'ransomware': {'data_exfiltration': 'Yes (alleged)',
'ransomware_strain': 'Qilin'},
'references': [{'source': 'ThreatLocker'}],
'threat_actor': 'Qilin Ransomware Group',
'title': 'Qilin Ransomware Group Targets Multiple Australian Organizations in '
'February',
'type': 'Ransomware'}