
The Qilin ransomware group has reportedly infiltrated the internal systems of Malibu Boats Australia, claiming to have exfiltrated hundreds of gigabytes of confidential corporate data.
Malibu Boats Australia is a long-established boat manufacturer and retailer specialising in water sports towboats designed for activities such as wakeboarding and other water-based recreation. With over 30 years of Australian manufacturing experience, the company operates a nationwide network of dealers.
On October 29, the Qilin ransomware group announced that it had infiltrated the internal network of the boat manufacturer, listing Malibu Boats Australia as a victim on its data leak site. The group claimed to be in possession of 160 gigabytes of data, comprising 148,538 files.
Malibu Boats Australia 🇦🇺 falls victim to Qilin ransomware, raising concerns for the manufacturing sector. #Ransomware #CyberSecurity #ThreatIntelligence pic.twitter.com/k4aF53tC52
— DarkWebSonar.io (@darkwebsonar) October 29, 2025
Although the hacker group shared a link to download the stolen data, Cyber Daily reports that the link is currently inaccessible, and no sample data or further details about the incident have been released.
Malibu Boats Australia has not yet confirmed the claims made by the threat actors or provided any official statement regarding whether the company has experienced a potential data security incident affecting its internal systems or confidential information.
The Qilin ransomware group is a Russian-speaking cybercriminal syndicate known for ransomware-as-a-service (RaaS) operations. Originally launched as "Agenda" in August 2022, it was rebranded as Qilin in 2023. The group targets a wide range of sectors globally, including healthcare, automotive, media, and public services, often stealing large volumes of sensitive data and demanding ransom payments.
Notable recent incidents attributed to Qilin include a cyber attack on Yanfeng Automotive Interiors, a major Chinese automotive parts supplier, which disrupted production for automakers including Stellantis, GM, and Volkswagen. The group also targeted Lee Enterprises, an American newspaper publisher, stealing up to 350 GB of confidential data and causing operational disruptions.
The group is known for using custom tactics such as changing file extensions and terminating processes to maximise impact. It exploits vulnerabilities, including zero-days such as "Citrix Bleed," to gain unauthorised access.
© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543