Breach Announcement on Qilin’s Site (BleepingComputer)
The Qilin ransomware group has claimed responsibility for a cyberattack targeting the American media company Lee Enterprises. The hackers assert that they have stolen confidential data and intend to publish it on March 5 unless their ransom demands are met.
In early February, Lee Enterprises notified the U.S. Securities and Exchange Commission (SEC) that it had suffered a severe cyber incident, which had caused significant operational disruptions. The attack crippled internal systems, cloud storage, and the corporate VPN, hindering employees’ access to critical resources. In a subsequent report, Lee Enterprises confirmed that the attackers had encrypted vital applications and exfiltrated a trove of files, ultimately verifying that ransomware had been deployed in the breach.
On March 3, Qilin released samples of the stolen data on its leak site. The published files include scans of identification documents, non-disclosure agreements, financial records, contracts, and other confidential materials. According to the hackers, the total volume of the exfiltrated data amounts to 350 GB, comprising approximately 120,000 files. Lee Enterprises has acknowledged the cyberattack and stated that an investigation is underway. However, the company has not disclosed whether it intends to pay the ransom.
Lee Enterprises operates 77 daily newspapers and 350 weekly and specialty publications across 26 U.S. states. The company’s print circulation exceeds 1.2 million copies, while its digital platforms attract over 44 million unique visitors per month.
In 2023, cybersecurity specialists from Group-IB infiltrated the Qilin group and published a detailed report exposing its internal structure and financial model.
