Qilin Ransomware Affiliate Panel Login Credentials Exposed Online

A significant security breach within the Qilin ransomware operation has provided unprecedented insight into the group’s affiliate network structure and operational methods.

On July 31, 2025, internal conflicts between the ransomware group and one of its affiliates led to the public exposure of sensitive operational details, marking a rare glimpse into the inner workings of a major ransomware-as-a-service (RaaS) operation.

Affiliate Dispute Leads to Major Intelligence Leak

The exposure began when a Qilin affiliate operating under the handle “hastalamuerte” publicly accused the ransomware group of conducting an exit scam, allegedly defrauding the affiliate of $48,000.

This dispute escalated when another cybercriminal known as “Nova,” associated with a competing ransomware group, released login credentials and access details to Qilin’s affiliate management panel on dark web forums.

The leaked information included administrative access to the group ...