Europol has confirmed {that a} Telegram channel impersonating the company and providing a $50,000 reward for info on two Qilin ransomware directors is faux. The impostor later admitted it was created to troll researchers and journalists.
“We had been additionally stunned to see this story gaining traction,” Europol informed BleepingComputer on Monday. “The announcement did not come from us.”
The assertion comes after a brand new Telegram channel referred to as @europolcti was created on August sixteenth, claiming to supply a $50,000 reward for info on two Qilin ransomware admins often known as “Haise” and “XORacle”.
“Through the course of ongoing worldwide investigations, we have now confirmed that the cybercriminal group Qilin has carried out ransomware assaults worldwide, severely disrupting crucial infrastructure and inflicting vital monetary losses,” reads the imposter’s Telegram put up.
“We now have recognized two major directors working beneath the aliases Haise and XORacle, who coordinate associates and oversee extortion actions.”
“We’re actively pursuing all obtainable leads in cooperation with worldwide companions.”
“A reward of as much as $50,000 is obtainable for info that instantly results in the identification or location of those directors.”
Supply: BleepingComputer
Haise is believed to be one of many operators of the Qilian ransomware gang, beforehand recruiting associates on the RAMP cybercrime discussion board.
The Qilin ransomware operation was initially launched as “Agenda” in August 2022. Nonetheless, by September that yr, it had rebranded beneath the identify Qilin, which it continues to make use of to at the present time.
The ransomware operation is without doubt one of the most lively, at present focusing on firms worldwide.
Nonetheless, after Europol confirmed it was faux, a brand new put up appeared on the imposter channel claiming it was created to troll researchers and journalists, a few of whom wrote articles concerning the claims.
“This was really easy to run and idiot so referred to as ‘Researchers’ and ‘Journalists’ that simply copy stuff.. Thanks all!,” reads the brand new put up.
Supply: BleepingComputer
The put up was signed by Rey, a hacker beforehand linked to breaches at Telefonica and Orange Group.
Menace actors had begun trolling Qilin in August fifteenth posts on a Telegram channel impersonating menace actors from “Scattered Spider”, “ShinyHunters”, and “Lapsus,” the place somebody had begun calling out Haise and the ransomware operation.
This isn’t the primary time menace actors tried to mislead the media about cybercrime.
In 2021, a RAMP admin often known as ‘Orange’ or ‘boriselcin’ and who ran the “Groove” ransomware website, referred to as on menace actors to assault the USA. This menace actor was later sanctioned by the US for his involvement in three ransomware operations that focused victims throughout the US.
After the media lined this put up, together with BleepingComputer, the menace actor claimed it was faux and was created to troll and manipulate the media and safety researchers.
Nonetheless, safety researchers from McAfee and Intel 471 imagine that it was possible the menace actor making an attempt to cowl up for a failed ransomware-as-a-service.
In 2023, BleepingComputer receieved a “tip” about an alleged arrest of two Canadian teenagers over a crypto-theft assault.
Whereas BleepingComputer discovered that the information was faux and didn’t cowl the story, we had been informed it was finished to control the media and “troll” the individuals accused of the theft.
46% of environments had passwords cracked, almost doubling from 25% final yr.
Get the Picus Blue Report 2025 now for a complete take a look at extra findings on prevention, detection, and information exfiltration traits.
