Qilin Ransomware Group Lists Australian Tutoring Provider Kinetic Education as Latest Victim
The Qilin ransomware-as-a-service (RaaS) operation has added Kinetic Education, an online tutoring company based in Victoria, Australia, to its darknet leak site. The breach was publicly disclosed on 8 June, though the post contained minimal details only the company’s logo, the date of the leak, and a view count exceeding 11,000.
Neither Qilin nor its affiliates provided information on the volume of stolen data or the specifics of the compromised information. Kinetic Education has not responded to requests for comment.
About Qilin
Active since 2022, Qilin has claimed 1,929 victims across 99 countries, making it the most active ransomware group in 2026, with an average of 100 victim listings per month. Operating under a RaaS model, the group provides affiliates with ransomware infrastructure in exchange for a share of ransom payments. While some affiliates publish detailed evidence of attacks, others like in Kinetic Education’s case release only basic information.
This incident follows Qilin’s recent targeting of The Banyans Medical Centre and Specialist Clinics, a Queensland-based healthcare provider, earlier this month.
About Kinetic Education
Founded in the 1990s, Kinetic Education offers online maths and English tutoring for students from kindergarten to Year 12. The company has served over 100,000 Australian families over its three-decade history.
Kinetic Education TPRM report: https://www.rankiteo.com/company/kineticeducation
"id": "kin1781742227",
"linkid": "kineticeducation",
"type": "Ransomware",
"date": "6/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': '100,000+ families',
'industry': 'Education',
'location': 'Victoria, Australia',
'name': 'Kinetic Education',
'type': 'Online Tutoring Company'}],
'date_publicly_disclosed': '2026-06-08',
'description': 'The Qilin ransomware-as-a-service (RaaS) operation has added '
'Kinetic Education, an online tutoring company based in '
'Victoria, Australia, to its darknet leak site. The breach was '
'publicly disclosed on 8 June, though the post contained '
'minimal details including only the company’s logo, the date '
'of the leak, and a view count exceeding 11,000. Neither Qilin '
'nor its affiliates provided information on the volume of '
'stolen data or the specifics of the compromised information. '
'Kinetic Education has not responded to requests for comment.',
'motivation': 'Financial gain',
'ransomware': {'ransomware_strain': 'Qilin'},
'references': [{'date_accessed': '2026-06-08', 'source': 'Darknet leak site'}],
'threat_actor': 'Qilin Ransomware Group',
'title': 'Qilin Ransomware Group Lists Australian Tutoring Provider Kinetic '
'Education as Latest Victim',
'type': 'Ransomware'}