Germany's Die Linke Party Confirms Data Stolen in Qilin Ransomware Attack

Die Linke, the German left-wing political party, has confirmed that data was stolen from its systems in a ransomware attack carried out by the Qilin group, BleepingComputer reported. Qilin, a ransomware-as-a-service operation that has been active since at least 2022, has claimed responsibility for the intrusion and is believed to have exfiltrated party data before encrypting systems. Ransomware groups routinely steal data prior to deployment of their encryption payload as leverage for ransom negotiations -- a technique known as double extortion. Die Linke is a federal political party represented in the German parliament. Political parties hold significant volumes of sensitive information including donor records, internal communications, membership databases, voter outreach data, and strategic planning documents. The nature of the data accessed in the attack was not fully detailed in initial disclosures. Qilin has been an increasingly prolific ransomware operator, having previously compromised UK healthcare systems in a 2024 attack that disrupted hospital services and led to the public release of patient data. The group operates on a ransomware-as-a-service model, recruiting affiliates to deploy its malware in exchange for a share of ransom payments. Political organizations across Europe and North America have faced a growing volume of cyberattacks in recent years, with both state-sponsored and financially motivated threat actors targeting parties, campaigns, and legislative bodies. Germany's Federal Office for Information Security has been active in alerting political organizations to the elevated threat environment.