Qilin Ransomware allegedly breached chemical manufacturer giant Dow Inc

Qilin ransomware claims a breach of Dow Inc., listing it on its Tor leak site, but no proof of the hack has been released yet.

Qilin Ransomware group allegedly breached the chemical manufacturing giant Dow Inc. The cybercrime group added the company to its Tor data leak site, but at this time, it has not published any proof of the hack.

Dow Inc. is a global chemical manufacturing giant headquartered in the United States. The company employs approximately 36,000 people worldwide and generates annual revenues of around $40 billion. It operates in more than 160 countries, supplying advanced materials, chemicals, and plastics to industries including packaging, infrastructure, mobility, and consumer applications.

Qilin ransomware operation has been active since 2022, it has become one of the most active RaaS groups in 2025, claiming over 40 victims monthly and peaking at 100 in June.

The group enables affiliates to deploy customized ransomware payloads against targeted organizations. Qilin uses double-extortion tactics, encrypting data while threatening to leak it via Tor-based portals. The group has targeted multiple sectors worldwide, including healthcare, manufacturing, and finance, leveraging phishing and known vulnerabilities.

In October 2025, Resecurity’s researchers detailed how the Qilin RaaS group relies on global bulletproof hosting networks to support its extortion operations.

In early October, DragonForce, LockBit, and Qilin formed a ransomware alliance to boost attack effectiveness, marking a major shift in the cyber threat landscape. Ransomware groups DragonForce, LockBit, and Qilin formed a strategic alliance to enhance their attack capabilities, signaling an evolving cyber threat landscape. The alliance aims at sharing tools and infrastructure to enhance attack effectiveness. 

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Dow Inc)