QILIN Ransomware Group Lists CAD-IT UK as Latest Victim on Dark Web Portal

The QILIN ransomware operation has publicly listed CAD-IT UK as its latest claimed victim, adding the UK-based engineering software solutions provider to its dark web leak site. The listing surfaced on threat intelligence channels, marking another escalation in the group's targeting of European technology and professional services firms.

CAD-IT UK, a subsidiary of the CAD-IT group, provides CAD, CAE, and PLM software solutions primarily to manufacturing and engineering sectors. The company's profile makes it a strategically relevant target for ransomware actors seeking to pressure organizations with valuable intellectual property and time-sensitive client deliverables. The QILIN group, also tracked under alternative designations, has built a reputation for double-extortion tactics—exfiltrating sensitive data before encryption and threatening public release if ransom demands are not met. At this stage, the extent of any data exfiltration or operational disruption remains unclear, and the company has not yet issued a public statement regarding the incident.

The emergence of this claim raises immediate questions about potential exposure of client engineering data, proprietary designs, and internal communications. Organizations with vendor relationships to CAD-IT UK may face secondary risk if shared project files or system integrations were compromised. Security researchers tracking QILIN note the group has previously targeted mid-market technology and consulting firms, often leveraging stolen credentials or exploiting perimeter vulnerabilities. The incident underscores the continued threat ransomware groups pose to specialized professional services firms that sit within complex supply chains. Further details on the scope of the breach and any ransom demands are expected to emerge as the situation develops.