In June 2025, the Qilin ransomware group became the most active ransomware group, impacting 81 victims and showing a 47.3% increase in activity. This Ransomware-as-a-Service operation has tallied over 310 victims since its inception and is recognized for its sophisticated methodologies and the targeting of critical infrastructure vulnerabilities. Their recent attacks predominantly utilized vulnerabilities in Fortinet’s enterprise appliances, focusing on CVE-2024-21762 and CVE-2024-55591 in unpatched FortiGate and FortiProxy devices. This evolution underscores the growing complexity of ransomware threats in the cybersecurity landscape.
The ransomware landscape witnessed a dramatic shift in June 2025 as the Qilin ransomware group surged to become the most active threat actor, recording 81 victims and representing a staggering 47.3% increase in activity compared to previous months.
This Ransomware-as-a-Service operation, which has accumulated over 310 victims since its emergence, has distinguished itself through sophisticated attack methodologies and strategic exploitation of critical infrastructure vulnerabilities.
The group's rapid ascension reflects the evolving nature of ransomware threats, where technical innovation and opportunistic targeting converge to create unprecedented cybersecurity challenges.
The group's recent campaign has primarily leveraged critical vulnerabilities in Fortinet's enterprise security appliances, specifically targeting CVE-2024-21762 and CVE-2024-55591 in unpatched FortiGate and FortiProxy devices.
Collection
[
|
...
]